Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia 9: Apache Important Security Issues MGASA-2025-0301

mageia
Calendar Grey November 18, 2025
Dist Mageia Esm H88
Updated Apache packages fix important security issues including HTTP response splitting and a DoS threat on Mageia.
MGASA-2025-0301 - Updated apache packages fix security vulnerabilities

Summary

Description: HTTP response splitting. (CVE-2024-42516) SSRF with mod_headers setting Content-Type header. (CVE-2024-43204) mod_ssl error log variable escaping. (CVE-2024-47252) mod_proxy_http2 denial of service. (CVE-2025-49630) mod_ssl access control bypass with session resumption. (CVE-2025-23048) mod_ssl TLS upgrade attack. (CVE-2025-49812) HTTP/2 DoS by Memory Increase. (CVE-2025-53020) 'RewriteCond expr' always evaluates to true in 2.4.64. (CVE-2025-54090) You will find the update delay sometimes causes a failure; just restart the service after the update.

References

- https://bugs.mageia.org/show_bug.cgi?id=34464

- https://www.openwall.com/lists/oss-security/2025/07/10/2

- https://www.openwall.com/lists/oss-security/2025/07/10/3

- https://www.openwall.com/lists/oss-security/2025/07/10/4

- https://www.openwall.com/lists/oss-security/2025/07/10/6

- https://www.openwall.com/lists/oss-security/2025/07/10/7

- https://www.openwall.com/lists/oss-security/2025/07/10/8

- https://www.openwall.com/lists/oss-security/2025/07/10/9

- https://www.openwall.com/lists/oss-security/2025/07/10/10

- https://www.openwall.com/lists/oss-security/2025/07/24/2

- https://www.cve.org/CVERecord?id=CVE-2024-42516

- https://www.cve.org/CVERecord?id=CVE-2024-43204

- https://www.cve.org/CVERecord?id=CVE-2024-47252

- https://www.cve.org/CVERecord?id=CVE-2025-49630

- https://www.cve.org/CVERecord?id=CVE-2025-23048

- https://www.cve.org/CVERecord?id=CVE-2025-49812

- https://www.cve.org/CVERecord?id=CVE-2025-53020

- https://www.cve.org/CVERecord?id=CVE-2025-54090

Topics%20covered

Topics Covered

security advisory denial of service apache important http response splitting Mageia

Resolution

SRPMS

- 9/core/apache-2.4.65-1.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 18 Nov 2025
URL: https://advisories.mageia.org/MGASA-2025-0301.html
Type: security
CVE: CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-49630, CVE-2025-23048, CVE-2025-49812, CVE-2025-53020, CVE-2025-54090

Topics%20covered

Topics Covered

security advisory denial of service apache important http response splitting Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here