Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 292 articles for you...
89

Fedora 43 httpd 2.4.68 Important Security Advisory 2026-37947358ea

new version 2.4.68 fixes various security issues. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-37947358ea 2026-06-25 16:24:07.917255+00:00 -------------------------------------------------------------------------------- Name : httpd Product : Fedora 43 Version : 2.4.68 Release : 1.fc43 URL : https://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server. -------------------------------------------------------------------------------- Update Information: new version 2.4.68 fixes various security issues -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Luboš Uhliarik - 2.4.68-1 - new version 2.4.68 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486351 - httpd-2.4.68 is available https://bugzilla.redhat.com/show_bug.cgi?id=2486351 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-37947358ea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 43 update for httpd 2.4.68 addresses critical security aspects. Upgrade recommended for enhanced protection.. Fedora httpd update Apache security fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 25, 2026 Important Fedora
217

Oracle Linux 9 httpd Important Buffer Overflow Advisory ELSA-2026-21391

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-21391 http://linux.oracle.com/errata/ELSA-2026-21391.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: httpd-2.4.62-13.0.1.el9_8.1.x86_64.rpm httpd-core-2.4.62-13.0.1.el9_8.1.x86_64.rpm httpd-devel-2.4.62-13.0.1.el9_8.1.x86_64.rpm httpd-filesystem-2.4.62-13.0.1.el9_8.1.noarch.rpm httpd-manual-2.4.62-13.0.1.el9_8.1.noarch.rpm httpd-tools-2.4.62-13.0.1.el9_8.1.x86_64.rpm mod_ldap-2.4.62-13.0.1.el9_8.1.x86_64.rpm mod_lua-2.4.62-13.0.1.el9_8.1.x86_64.rpm mod_proxy_html-2.4.62-13.0.1.el9_8.1.x86_64.rpm mod_session-2.4.62-13.0.1.el9_8.1.x86_64.rpm mod_ssl-2.4.62-13.0.1.el9_8.1.x86_64.rpm aarch64: httpd-2.4.62-13.0.1.el9_8.1.aarch64.rpm httpd-core-2.4.62-13.0.1.el9_8.1.aarch64.rpm httpd-devel-2.4.62-13.0.1.el9_8.1.aarch64.rpm httpd-filesystem-2.4.62-13.0.1.el9_8.1.noarch.rpm httpd-manual-2.4.62-13.0.1.el9_8.1.noarch.rpm httpd-tools-2.4.62-13.0.1.el9_8.1.aarch64.rpm mod_ldap-2.4.62-13.0.1.el9_8.1.aarch64.rpm mod_lua-2.4.62-13.0.1.el9_8.1.aarch64.rpm mod_proxy_html-2.4.62-13.0.1.el9_8.1.aarch64.rpm mod_session-2.4.62-13.0.1.el9_8.1.aarch64.rpm mod_ssl-2.4.62-13.0.1.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/httpd-2.4.62-13.0.1.el9_8.1.src.rpm Related CVEs: CVE-2026-28780 CVE-2026-33007 CVE-2026-33857 CVE-2026-34032 CVE-2026-34059 Description of changes: [2.4.62-13.0.1.el9_8.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.62-13.1] - Resolves: RHEL-173555 - httpd: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780) - Resolves: RHEL-175080 - httpd: NULL pointer dereference can cause a child process crash (CVE-2026-33007) - Resolves: RHEL-175100 - httpd: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857) - Resolves: RHEL-175028 - httpd: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032) - Resolves: RHEL-175062 - httpd: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 9 updates include important security patches for httpd addressing buffer overflow and denial of service issues.. Oracle Linux, important patches, httpd security, buffer overflow, code execution. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 24, 2026 Important Oracle
217

Oracle Linux 8 httpd Important DoS Code Exec Vulnerability ELSA-2026-25090

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-25090 http://linux.oracle.com/errata/ELSA-2026-25090.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: httpd-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm mod_http2-1.15.7-10.module+el8.10.0+90909+2fc0e3ca.6.x86_64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.x86_64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.x86_64.rpm aarch64: httpd-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm mod_http2-1.15.7-10.module+el8.10.0+90909+2fc0e3ca.6.aarch64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.aarch64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/httpd-2.4.37-65.0.1.module+el8.10.0+90909+2fc0e3ca.8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/mod_http2-1.15.7-10.module+el8.10.0+90909+2fc0e3ca.6.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.src.rpm Related CVEs: CVE-2026-49975 Description of changes: httpd [2.4.37-65.0.1.8] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65.8] - Resolves: RHEL-173558 - httpd:2.4/httpd:Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780) - Resolves: RHEL-175074 - httpd:2.4/httpd: NULL pointer dereference can cause a child process crash (CVE-2026-33007) - Resolves: RHEL-175088 - httpd:2.4/httpd: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857) - Resolves: RHEL-175620 - httpd:2.4/httpd: NULL pointer dereference via specially crafted request (CVE-2026-29169) - Resolves: RHEL-175055 - httpd: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059) [2.4.37-65.7] - Resolves: RHEL-135054 - httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (CVE-2025-66200) - Resolves: RHEL-135039 - httpd: Apache HTTP Server: CGI environment variable override (CVE-2025-65082) - Resolves: RHEL-134471 - httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098) [2.4.37-65.6] - Resolves: RHEL-127073 - mod_ssl: allow more fine grained SSL SNI vhost check to avoid unnecessary 421 errors after CVE-2025-23048 fix - mod_ssl: add conf.d/snipolicy.conf to set 'SSLVHostSNIPolicy authonly' default [2.4.37-65.5] - Resolves: RHEL-99944 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade - Resolves: RHEL-99969 - CVE-2024-47252 httpd: insufficient escaping of user-supplied data in mod_ssl - Resolves: RHEL-99961 - CVE-2025-23048 httpd: access control bypass by trusted clients is possible using TLS 1.3 session resumption [2.4.37-65.4] - Resolves: RHEL-87641 - apache Bug 63192 - mod_ratelimit breaks HEAD requests [2.4.37-65.3] - Resolves: RHEL-56068 - Apache HTTPD no longer parse PHP files with unicode characters in the name [2.4.37-65.2] - Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476) - Resolves: RHEL-53022 - Regression introduced by CVE-2024-38474 fix [2.4.37-65.1] - Resolves: RHEL-45812 - httpd:2.4/httpd:Substitution encoding issue in mod_rewrite (CVE-2024-38474) - Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in mod_proxy (CVE-2024-38473) - Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) - Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference in mod_proxy (CVE-2024-38477) - Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) [2.4.37-65] - Resolves: RHEL-31857 - httpd:2.4/httpd: HTTP response splitting (CVE-2023-38709) mod_http2 [1.15.7-10.6] - Resolves: RHEL-182418 - mod_http2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975) [1.15.7-10.5] - Resolves: RHEL-166277 - httpd:2.4/httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020) [1.15.7-10.4] - Resolves: RHEL-105186 - httpd:2.4/httpd: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630) [1.15.7-10.3] - Resolves: RHEL-58454 - mod_proxy_http2 failures after CVE-2024-38477 fix - Resolves: RHEL-59017 - random failures in other requests on http/2 stream when client resets one request [1.15.7-10.2] - Resolves: RHEL-71575: Wrong Content-Type when proxying using H2 protocol [1.15.7-10.1] - Resolves: RHEL-46214 - Access logs and ErrorDocument don't work when HTTP431 occurs using http/2 on RHEL8 [1.15.7-10] - Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) [1.15.7-9.3] - Resolves: RHEL-13367 - httpd:2.4/mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487)(CVE-2023-45802) [1.15.7-8.3] - Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy [1.15.7-7] - Resolves: #2095650 - Dependency from mod_http2 on httpd broken mod_md [1:2.0.8-8.2] - Resolves: RHEL-134487 - httpd:2.4/httpd: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753) [1:2.0.8-8] - Resolves:#1832844 - mod_md does not work with ACME server that does not provide keyChange or revokeCert resources [1:2.0.8-7] - Resolves: #1747912 - add a2md(1) documentation [1:2.0.8-6] - Resolves: #1781263 - mod_md ACMEv1 crash [1:2.0.8-5] - Resolves: #1747898 - add mod_md package [1:2.0.8-4] - require mod_ssl, update package description [1:2.0.8-3] - rebuild against 2.4.41 [1:2.0.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [1:2.0.8-1] - update to 2.0.8 [2.0.3-1] - Initial import (#1719248). _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated Oracle Linux 8 rpms for httpd impact security with important fixes for various vulnerabilities.. Oracle Linux, httpd, security update, important fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 18, 2026 Important Oracle
89

Fedora 44 httpd 2.4.68 Important Security Issues Advisory 2026-d4136fe979

new version 2.4.68 fixes various security issues. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-d4136fe979 2026-06-11 00:54:51.286493+00:00 -------------------------------------------------------------------------------- Name : httpd Product : Fedora 44 Version : 2.4.68 Release : 1.fc44 URL : https://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server. -------------------------------------------------------------------------------- Update Information: new version 2.4.68 fixes various security issues -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 9 2026 Luboš Uhliarik - 2.4.68-1 - new version 2.4.68 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2486351 - httpd-2.4.68 is available https://bugzilla.redhat.com/show_bug.cgi?id=2486351 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d4136fe979' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 44 Apache httpd version 2.4.68 includes fixes for various security issues. Stay updated with this release.. Fedora 44, httpd 2.4.68, security updates, Apache fixes. . LinuxSecurity.com Team

Calendar%202 Jun 10, 2026 Fedora
99

Slackware 15.0 httpd Important DoS Fix for CVE-2026-49975 2026-154-01

New httpd packages are available for Slackware 15.0 and -current to fix a security issue.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2026-154-01) New httpd packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.67-i586-2_slack15.0.txz: Rebuilt. This update fixes "HTTP/2 Bomb", a resource exhaustion denial-of-service attack against HTTP/2. For more information, see: https://seclists.org/oss-sec/2026/q2/790 https://www.cve.org/CVERecord?id=CVE-2026-49975 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/httpd-2.4.67-i586-2_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/httpd-2.4.67-x86_64-2_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.67-i686-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.67-x86_64-2.txz MD5 signatures: +-------------+ Slackware 15.0 package: fe1db72c286841174ff38534c6e6918d httpd-2.4.67-i586-2_slack15.0.txz Slackware x86_64 15.0 package: b14dd1a6d97a842eee7a5ecd7b8f0855 httpd-2.4.67-x86_64-2_slack15.0.txz Slackware -current package: eee9bd40cb210f87590334e724d2bde0 n/httpd-2.4.67-i686-2.txz Slackware x86_64 -current package: 594fcc2edd5ca2f41a3aade3b7d467bb n/httpd-2.4.67-x86_64-2.txz Installationinstructions: +------------------------+ Upgrade the package as root: # upgradepkg httpd-2.4.67-i586-2_slack15.0.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ . New httpd packages address security issues in Slackware 15.0 and -current ensuring system stability. Updates recommended.. HTTPD Security Update, Slackware Linux, Resource Exhaustion, Denial of Service, Security Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 03, 2026 Important Slackware
217

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-22140 http://linux.oracle.com/errata/ELSA-2026-22140.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: httpd-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm mod_http2-1.15.7-10.module+el8.10.0+90899+db89cbcc.5.x86_64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.x86_64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.x86_64.rpm aarch64: httpd-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm mod_http2-1.15.7-10.module+el8.10.0+90899+db89cbcc.5.aarch64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.aarch64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/httpd-2.4.37-65.0.1.module+el8.10.0+90899+db89cbcc.7.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/mod_http2-1.15.7-10.module+el8.10.0+90899+db89cbcc.5.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/mod_md-2.0.8-8.module+el8.10.0+90899+db89cbcc.2.src.rpm Related CVEs: CVE-2025-53020 CVE-2026-28780 CVE-2026-33007 CVE-2026-33857 CVE-2026-34032 CVE-2026-34059 Description of changes: httpd [2.4.37-65.0.1.7] - Replace index.html with Oracle's index pageoracle_index.html mod_http2 [1.15.7-10.5] - Resolves: RHEL-166277 - httpd:2.4/httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020) mod_md [1:2.0.8-8.2] - Resolves: RHEL-134487 - httpd:2.4/httpd: Apache HTTP Server: mod_md (ACME), unintended retry intervals (CVE-2025-55753) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 8 updates for httpd include critical fixes for important security issues affecting the Apache server.. Oracle Linux,httpd,Apache Server,security update,important advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 03, 2026 Important Oracle
89

Fedora 43 httpd Critical Arbitrary Code Execution Buffer Overflow Alerts

new version 2.4.67. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0c87f546f8 2026-05-24 00:50:16.962711+00:00 -------------------------------------------------------------------------------- Name : httpd Product : Fedora 43 Version : 2.4.67 Release : 1.fc43 URL : https://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server. -------------------------------------------------------------------------------- Update Information: new version 2.4.67 -------------------------------------------------------------------------------- ChangeLog: * Wed May 6 2026 Lubo\u0161 Uhliarik - 2.4.67-1 - new version 2.4.67 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2464943 - httpd-2.4.67 is available https://bugzilla.redhat.com/show_bug.cgi?id=2464943 [ 2 ] Bug #2466956 - CVE-2026-28780 httpd: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2466956 [ 3 ] Bug #2469229 - CVE-2026-34032 httpd: heap-based buffer over-read due to missing null-termination check [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2469229 [ 4 ] Bug #2469240 - CVE-2026-34059 httpd: heap-based buffer over-read and memory disclosure in ajp_parse_data() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2469240 [ 5 ] Bug #2469242 - CVE-2026-33007 httpd: NULL pointer dereference can cause a child process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2469242 [ 6 ] Bug #2469243 - CVE-2026-33857 httpd: off-by-one out-of-bounds reads in AJP getter functions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2469243 [ 7 ] Bug #2476561 - CVE-2026-33006 httpd: timing attack allows a bypass of digest authentication[fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476561 [ 8 ] Bug #2476562 - CVE-2026-29169 httpd: NULL pointer dereference via specially crafted request [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476562 [ 9 ] Bug #2476563 - CVE-2026-33523 httpd: HTTP response splitting forwarding malicious status line [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476563 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0c87f546f8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . A critical update for Fedora 43 httpd addresses new vulnerabilities and enhances security for users. Read more!. Fedora httpd update, security advisory, buffer overflow vulnerability, Apache server update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 24, 2026 Important Fedora
99

Slackware 15.0 server crucial update system down SSA-2026-125-03

New httpd packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2026-124-01) New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.67-i586-1_slack15.0.txz: Upgraded. This release fixes bugs and the following security issues: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data(). mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check. Off-by-one OOB reads in AJP getter functions. HTTP response splitting forwarding malicious status line. mod_authn_socache crash. mod_auth_digest timing attack. mod_md unrestricted OCSP response. buffer overflow in mod_proxy_ajp via ajp_msg_check_header(). mod_rewrite elevation of privileges via ap_expr. http2: double free and possible RCE on early reset. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.67 https://www.cve.org/CVERecord?id=CVE-2026-34059 https://www.cve.org/CVERecord?id=CVE-2026-34032 https://www.cve.org/CVERecord?id=CVE-2026-33857 https://www.cve.org/CVERecord?id=CVE-2026-33523 https://www.cve.org/CVERecord?id=CVE-2026-33007 https://www.cve.org/CVERecord?id=CVE-2026-33006 https://www.cve.org/CVERecord?id=CVE-2026-29169 https://www.cve.org/CVERecord?id=CVE-2026-29168 https://www.cve.org/CVERecord?id=CVE-2026-28780 https://www.cve.org/CVERecord?id=CVE-2026-24072 https://www.cve.org/CVERecord?id=CVE-2026-23918 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package forSlackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/httpd-2.4.67-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/httpd-2.4.67-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.67-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.67-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 40ae34142dbfef476bca1cb0ff03ae48 httpd-2.4.67-i586-1_slack15.0.txz Slackware x86_64 15.0 package: d0f86d622aeae7fbc4f2ac87f6dcd22b httpd-2.4.67-x86_64-1_slack15.0.txz Slackware -current package: a7cae891b9054296e09995e8806bea99 n/httpd-2.4.67-i686-1.txz Slackware x86_64 -current package: 3508b66e51e6391820f5c291760324a5 n/httpd-2.4.67-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg httpd-2.4.67-i586-1_slack15.0.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ . New Slackware httpd update addresses critical issues including memory disclosure and potential DoS threats.. Slacker security slackware httpd update critical fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 04, 2026 Critical Slackware
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200