Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Oracle Linux 10 ELSA-2026-34109 httpd Important Buffer Overflow Fix

oracle
Calendar Grey July 17, 2026
Scroller Oracle
Oracle Linux 10 updates for httpd address critical buffer overflow and DoS risks. Immediate action recommended for users.
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Summary

[2.4.63-13.0.1.el10_2.4] - Replace index.html with Oracle's index page oracle_index.html. [2.4.63-13.4] - Resolves: RHEL-186221 - httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers (CVE-2026-34356) - Resolves: RHEL-186195 - httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc (CVE-2026-42536) - Resolves: RHEL-186182 - httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass (CVE-2026-34355) - Resolves: RHEL-186158 - httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server (CVE-2026-44185) - Resolves: RHEL-184305 - httpd: Apache HTTP Server: Denial of Service via crafted regular expressions (CVE-2026-44631) - Resolves : RHEL-182581 - httpd: incomplete fix for CVE-2023-38709 (CVE-2024-42516) - Resolves: RHEL-175621 - httpd: NULL pointer dereference via specially crafted request (CVE-2026-29169) - Also addresses CVE-2026-44119, CV...

Read the Full Advisory

SRPMs

http://oss.oracle.com/ol10/SRPMS-updates/httpd-2.4.63-13.0.1.el10_2.4.src.rpm

x86_64

httpd-2.4.63-13.0.1.el10_2.4.x86_64.rpm httpd-core-2.4.63-13.0.1.el10_2.4.x86_64.rpm httpd-devel-2.4.63-13.0.1.el10_2.4.x86_64.rpm httpd-filesystem-2.4.63-13.0.1.el10_2.4.noarch.rpm httpd-manual-2.4.63-13.0.1.el10_2.4.noarch.rpm httpd-tools-2.4.63-13.0.1.el10_2.4.x86_64.rpm mod_ldap-2.4.63-13.0.1.el10_2.4.x86_64.rpm mod_lua-2.4.63-13.0.1.el10_2.4.x86_64.rpm mod_proxy_html-2.4.63-13.0.1.el10_2.4.x86_64.rpm mod_session-2.4.63-13.0.1.el10_2.4.x86_64.rpm mod_ssl-2.4.63-13.0.1.el10_2.4.x86_64.rpm

aarch64

httpd-2.4.63-13.0.1.el10_2.4.aarch64.rpm httpd-core-2.4.63-13.0.1.el10_2.4.aarch64.rpm httpd-devel-2.4.63-13.0.1.el10_2.4.aarch64.rpm httpd-filesystem-2.4.63-13.0.1.el10_2.4.noarch.rpm httpd-manual-2.4.63-13.0.1.el10_2.4.noarch.rpm httpd-tools-2.4.63-13.0.1.el10_2.4.aarch64.rpm mod_ldap-2.4.63-13.0.1.el10_2.4.aarch64.rpm mod_lua-2.4.63-13.0.1.el10_2.4.aarch64.rpm mod_proxy_html-2.4.63-13.0.1.el10_2.4.aarch64.rpm mod_session-2.4.63-13.0.1.el10_2.4.aarch64.rpm mod_ssl-2.4.63-13.0.1.el10_2.4.aarch64.rpm

Severity
important
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2024-42516 CVE-2026-29169 CVE-2026-34355 CVE-2026-34356 CVE-2026-42536 CVE-2026-44185 CVE-2026-44631

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.