ALSA-2025:23932
See a problem?- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:23932.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2025:23932
- Related
- Published
- 2025-12-22T00:00:00Z
- Modified
- 2025-12-24T10:59:27.906907Z
- Summary
- Important: httpd security update
- Details
-
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: Apache HTTP Server: CGI environment variable override (CVE-2025-65082)
- httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo (CVE-2025-66200)
- httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... (CVE-2025-58098)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2025:23932
- https://access.redhat.com/security/cve/CVE-2025-58098
- https://access.redhat.com/security/cve/CVE-2025-65082
- https://access.redhat.com/security/cve/CVE-2025-66200
- https://bugzilla.redhat.com/2419139
- https://bugzilla.redhat.com/2419262
- https://bugzilla.redhat.com/2419365
- https://errata.almalinux.org/10/ALSA-2025-23932.html
Affected packages
AlmaLinux:10 / httpd
Package
- Name
- httpd
- Purl
- pkg:rpm/almalinux/httpd
AlmaLinux:10 / httpd-core
Package
- Name
- httpd-core
- Purl
- pkg:rpm/almalinux/httpd-core
AlmaLinux:10 / httpd-devel
Package
- Name
- httpd-devel
- Purl
- pkg:rpm/almalinux/httpd-devel