Release date:
2026-05-05 01:58:42 UTC
Description:
- CVE-2024-42516: fix HTTP response splitting in core via Content-Type response header (header_filter rewrite)
- CVE-2024-43204: prevent SSRF via mod_headers RequestHeader set/edit Content-Type modifying response headers
- CVE-2024-43394: expand UNC path checking with new ap_stat_check helper (Linux: defense-in-depth no-op);
fold in upstream fix for CVE-2025-54090 (RewriteCond expr always evaluating true regression)
Updated packages:
-
httpd-2.4.62-4.el9_6.4.tuxcare.els3.x86_64.rpm
sha:c649534713149bf763929f1c9b5c2f06caa49d8a69def5709b5967c6f683d6f5
-
httpd-core-2.4.62-4.el9_6.4.tuxcare.els3.x86_64.rpm
sha:f156910051779fa20bbd35ab4690578ee068f034fc6fffa848aee161a28bfc50
-
httpd-devel-2.4.62-4.el9_6.4.tuxcare.els3.x86_64.rpm
sha:eb83520b3a6abf84036842fc59d0cef1fa716c7c1c6ad01386f918d273f5933e
-
httpd-filesystem-2.4.62-4.el9_6.4.tuxcare.els3.noarch.rpm
sha:fbc7b570bedcaecf713dea39425ad617afbbecba5d4bc1243df4c849f0fd1bd3
-
httpd-manual-2.4.62-4.el9_6.4.tuxcare.els3.noarch.rpm
sha:e471ca6d96be260d01328f245c2438012f2bdbf0c76520718892431a4f94c1a7
-
httpd-tools-2.4.62-4.el9_6.4.tuxcare.els3.x86_64.rpm
sha:a7d999ba99222a99907114b96ecd2238c56a15f64c742199bdddd091a3659156
-
mod_ldap-2.4.62-4.el9_6.4.tuxcare.els3.x86_64.rpm
sha:7a62a492a84923b761a43a765361ba5c297a23862e73494f350397996a4e729e
-
mod_lua-2.4.62-4.el9_6.4.tuxcare.els3.x86_64.rpm
sha:4e4110fb60984d6b5e294e2eaf7278b8d74476892b4ce26dc6bcdfb849307087
-
mod_proxy_html-2.4.62-4.el9_6.4.tuxcare.els3.x86_64.rpm
sha:85ceeafbe4e9a9d5e94b645fcb5f2526c4974caca6719211e338f5e161fc653d
-
mod_session-2.4.62-4.el9_6.4.tuxcare.els3.x86_64.rpm
sha:49541cc3878b0416c56f0000a0814de42f1f03aa31c964e945a97c0778e664b9
-
mod_ssl-2.4.62-4.el9_6.4.tuxcare.els3.x86_64.rpm
sha:42bf755611f15acce0cf96d4a6a297a0ab4c9abd682096499aa9fd32b3073036
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
