The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
httpd: incomplete fix for CVE-2023-38709 (CVE-2024-42516)
httpd: NULL pointer dereference via specially crafted request (CVE-2026-29169)
httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers (CVE-2026-34356)
httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server (CVE-2026-44185)
httpd: Apache HTTP Server: Denial of Service via crafted regular expressions (CVE-2026-44631)
httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc (CVE-2026-42536)
httpd: Apache HTTP Server: Buffer overflow in modproxyhtml allows security bypass (CVE-2026-34355)
Bug Fix(es) and Enhancement(s):
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.