Alerts This Week
Warning Icon 1 615
Alerts This Week
Warning Icon 1 615

Oracle Linux 8 httpd Important DoS Code Exec Vulnerability ELSA-2026-25090

oracle
Calendar Grey June 18, 2026
Oracle Linux Logo Esm H88
Updated Oracle Linux 8 rpms for httpd impact security with important fixes for various vulnerabilities.
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

httpd [2.4.37-65.0.1.8] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65.8] - Resolves: RHEL-173558 - httpd:2.4/httpd: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780) - Resolves: RHEL-175074 - httpd:2.4/httpd: NULL pointer dereference can cause a child process crash (CVE-2026-33007) - Resolves: RHEL-175088 - httpd:2.4/httpd: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857) - Resolves: RHEL-175620 - httpd:2.4/httpd: NULL pointer dereference via specially crafted request (CVE-2026-29169) - Resolves: RHEL-175055 - httpd: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059) [2.4.37-65.7] - Resolves: RHEL-135054 - httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (CVE-2025-66200) - Resolves: RHEL-135039 - httpd: Apache HTTP Server: CGI environment variable override (CVE-2025-65082) - Resolves: RHEL-134...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service arbitrary code execution httpd important Oracle

SRPMs

http://oss.oracle.com/ol8/SRPMS-updates/httpd-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/mod_http2-1.15.7-10.module+el8.10.0+90909+2fc0e3ca.6.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.src.rpm

x86_64

httpd-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm mod_http2-1.15.7-10.module+el8.10.0+90909+2fc0e3ca.6.x86_64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.x86_64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm

aarch64

httpd-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm mod_http2-1.15.7-10.module+el8.10.0+90909+2fc0e3ca.6.aarch64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.aarch64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm

Severity
important
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2026-49975

Topics%20covered

Topics Covered

security advisory denial of service arbitrary code execution httpd important Oracle

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here