[El-errata] ELSA-2026-0075 Important: Oracle Linux 7 httpd security update

Errata Announcements for Oracle Linux via El-errata Mon, 12 Jan 2026 12:51:40 -0800

Oracle Linux Security Advisory ELSA-2026-0075

http://linux.oracle.com/errata/ELSA-2026-0075.html


The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
httpd-2.4.6-99.0.9.el7_9.1.x86_64.rpm
httpd-devel-2.4.6-99.0.9.el7_9.1.x86_64.rpm
httpd-manual-2.4.6-99.0.9.el7_9.1.noarch.rpm
httpd-tools-2.4.6-99.0.9.el7_9.1.x86_64.rpm
mod_ldap-2.4.6-99.0.9.el7_9.1.x86_64.rpm
mod_proxy_html-2.4.6-99.0.9.el7_9.1.x86_64.rpm
mod_session-2.4.6-99.0.9.el7_9.1.x86_64.rpm
mod_ssl-2.4.6-99.0.9.el7_9.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/httpd-2.4.6-99.0.9.el7_9.1.src.rpm

Related CVEs:

CVE-2025-58098




Description of changes:

[2.4.6-99.0.9.1]
- Fix CVE-2025-58098 [Orabug: 38816066]

[2.4.6-99.0.7.1]
- Fixed security update CVE-2024-47252 CVE-2025-49812 [Orabug: 38378160]

[2.4.6-99.0.5.1]
- Differentiate trusted sources [Orabug: 37100272][CVE-2024-38476]

[2.4.6-99.0.3.1]
- Opt-ins for unsafe prefix_stat and %3f [Orabug: 
36904263][CVE-2024-38474][CVE-2024-38475]
- mod_proxy: validate hostname [Orabug: 36904263][CVE-2024-38477]

[2.4.6-99.1.0.1]
- mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and
  fixup last [CVE-2022-31813][Orabug: 34381850]
- mod_session: save one apr_strtok() [Orabug: 33338149][CVE-2021-26690]
- replace index.html with Oracle's index page oracle_index.html

[2.4.6-99.1]
- Resolves: #2190143 - mod_rewrite regression with CVE-2023-25690

[2.4.6-97.7]
- Resolves: #2177742 - CVE-2023-25690 httpd: HTTP request splitting with
  mod_rewrite and mod_proxy

[2.4.6-97.6]
- Resolves: #2101997 - HEAD request with a 404 and custom ErrorPage causes
  corrupt and mixed-up responses

[2.4.6-97.5]
- Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling
  vulnerability in Apache HTTP Server 2.4.52 and earlier

[2.4.6-97.4]
- Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via
  malformed requests
- Resolves: #2031074 - CVE-2021-39275 httpd: out-of-bounds write in
  ap_escape_quotes() via malicious input
- Resolves: #1969226 - CVE-2021-26691 httpd: Heap overflow in mod_session


_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata

[El-errata] ELSA-2026-0075 Important: Oracle Linux 7 httpd security update

Reply via email to