Stay Connected:

ELSA-2025-23932

ELSA-2025-23932 - httpd security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2025-12-22

Description


[2.4.63-4.0.1.3]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.63-4.3]
- Resolves: RHEL-135052 - httpd: Apache HTTP Server: mod_userdir+suexec bypass
via AllowOverride FileInfo (CVE-2025-66200)
- Resolves: RHEL-135035 - httpd: Apache HTTP Server: CGI environment variable
override (CVE-2025-65082)
- Resolves: RHEL-134467 - httpd: Apache HTTP Server: Server Side Includes adds
query string to #exec cmd=... (CVE-2025-58098)

[2.4.63-4.2]
- Resolves: RHEL-125894 - mod_ssl: allow more fine grained SSL SNI vhost check
to avoid unnecessary 421 errors after CVE-2025-23048 fix


Related CVEs


CVE-2025-58098
CVE-2025-65082
CVE-2025-66200

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 10 (aarch64) httpd-2.4.63-4.0.1.el10_1.3.src.rpm624a09e3097159255be2e063aecb079570d5ea8da4e3edcc168dca31e32a7b75-ol10_aarch64_appstream
httpd-2.4.63-4.0.1.el10_1.3.aarch64.rpme93ec9d99ba2278c8302e2e0c1c9efa9eff344fd47f43203e71faec2038d249d-ol10_aarch64_appstream
httpd-core-2.4.63-4.0.1.el10_1.3.aarch64.rpm8bcf7e8753c37cf37c95a3966b53799c13b6dd56ce0277d0f7c1bfb21a2e94f9-ol10_aarch64_appstream
httpd-devel-2.4.63-4.0.1.el10_1.3.aarch64.rpm303e19e4249ff3963863705e0625f4ec6bf332b8618a4c17a1e011a2cf8b81de-ol10_aarch64_appstream
httpd-filesystem-2.4.63-4.0.1.el10_1.3.noarch.rpm4de035b147bca17d8eec85c4a76b84e57b4633ca387669d1e92b68eb42fb4215-ol10_aarch64_appstream
httpd-manual-2.4.63-4.0.1.el10_1.3.noarch.rpm4fc500d365c53cc5ecfc930ae1d8a1b33ca1ed8703fdfe63c1a8f37f2bec4d80-ol10_aarch64_appstream
httpd-tools-2.4.63-4.0.1.el10_1.3.aarch64.rpm037d087eec072bd474387431cc06bd01e3e98ba2aa611baa731e52e2fd297912-ol10_aarch64_appstream
mod_ldap-2.4.63-4.0.1.el10_1.3.aarch64.rpmfc8b02f26319952540f913e0fbc330b6b6e5346baffa83669c961d69fa1581c7-ol10_aarch64_appstream
mod_lua-2.4.63-4.0.1.el10_1.3.aarch64.rpm08b818d74e0fa99d207a06341ed9114f6416af6d7d33dc0e59c088fad11d2965-ol10_aarch64_appstream
mod_proxy_html-2.4.63-4.0.1.el10_1.3.aarch64.rpm7fb4d10d63a8207ab1064b911ee1061dc1cd6eec9c2e1a1a36179605dfb12fa2-ol10_aarch64_appstream
mod_session-2.4.63-4.0.1.el10_1.3.aarch64.rpm929678a459442c27ec64c7c1ce25dfff4a2b6c567d4d76235cee537ce847f48b-ol10_aarch64_appstream
mod_ssl-2.4.63-4.0.1.el10_1.3.aarch64.rpm5febc0fabe73af3bc63a64f7c9c75d3ef0a10939ea41a5b7eda4a810bb384e31-ol10_aarch64_appstream
Oracle Linux 10 (x86_64) httpd-2.4.63-4.0.1.el10_1.3.src.rpm624a09e3097159255be2e063aecb079570d5ea8da4e3edcc168dca31e32a7b75-ol10_x86_64_appstream
httpd-2.4.63-4.0.1.el10_1.3.x86_64.rpmb0ba25df33bcf81927f5f11cee7d757c3d930cde31ab73b0eb237a0e99d59e20-ol10_x86_64_appstream
httpd-core-2.4.63-4.0.1.el10_1.3.x86_64.rpm818b41d587c896476234d6e08f41f1ae09a91e7c1a7827ff7ad4818fbde0a4ec-ol10_x86_64_appstream
httpd-devel-2.4.63-4.0.1.el10_1.3.x86_64.rpm33648cf787a09f74df7f40c42556a95cddd687cdd4b5fab6bd28492ef808540b-ol10_x86_64_appstream
httpd-filesystem-2.4.63-4.0.1.el10_1.3.noarch.rpm4de035b147bca17d8eec85c4a76b84e57b4633ca387669d1e92b68eb42fb4215-ol10_x86_64_appstream
httpd-manual-2.4.63-4.0.1.el10_1.3.noarch.rpm4fc500d365c53cc5ecfc930ae1d8a1b33ca1ed8703fdfe63c1a8f37f2bec4d80-ol10_x86_64_appstream
httpd-tools-2.4.63-4.0.1.el10_1.3.x86_64.rpm9bc61914c484de45d7cdeeebe041138306947e194effc4daa757dd512e20753a-ol10_x86_64_appstream
mod_ldap-2.4.63-4.0.1.el10_1.3.x86_64.rpme65d272b500706788688872d9b3a15e57fa0eea32315cfe8857e870be56d5b3a-ol10_x86_64_appstream
mod_lua-2.4.63-4.0.1.el10_1.3.x86_64.rpm7854d4f9e46f1f2dc8e1ac8eadb015d6ccf529db711333a12fa9e21578acecb4-ol10_x86_64_appstream
mod_proxy_html-2.4.63-4.0.1.el10_1.3.x86_64.rpm01976a7ce2f0e27f9ced27dfec6d1e01f2acfdfb50eb02a98031f216eec55544-ol10_x86_64_appstream
mod_session-2.4.63-4.0.1.el10_1.3.x86_64.rpm47bfc496ecc0d39758bc7909816d92d8f5b0da747b1cf1e9b52754728a917271-ol10_x86_64_appstream
mod_ssl-2.4.63-4.0.1.el10_1.3.x86_64.rpm447b615251f0894298e583b440ab9519ea0581c0128e31a549f6aff0c2f2be63-ol10_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights