[El-errata] ELSA-2025-23919 Important: Oracle Linux 9 httpd security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Dec 24 17:24:50 UTC 2025 

Oracle Linux Security Advisory ELSA-2025-23919

http://linux.oracle.com/errata/ELSA-2025-23919.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.62-7.0.1.el9_7.3.x86_64.rpm
httpd-core-2.4.62-7.0.1.el9_7.3.x86_64.rpm
httpd-devel-2.4.62-7.0.1.el9_7.3.x86_64.rpm
httpd-filesystem-2.4.62-7.0.1.el9_7.3.noarch.rpm
httpd-manual-2.4.62-7.0.1.el9_7.3.noarch.rpm
httpd-tools-2.4.62-7.0.1.el9_7.3.x86_64.rpm
mod_ldap-2.4.62-7.0.1.el9_7.3.x86_64.rpm
mod_lua-2.4.62-7.0.1.el9_7.3.x86_64.rpm
mod_proxy_html-2.4.62-7.0.1.el9_7.3.x86_64.rpm
mod_session-2.4.62-7.0.1.el9_7.3.x86_64.rpm
mod_ssl-2.4.62-7.0.1.el9_7.3.x86_64.rpm

aarch64:
httpd-2.4.62-7.0.1.el9_7.3.aarch64.rpm
httpd-core-2.4.62-7.0.1.el9_7.3.aarch64.rpm
httpd-devel-2.4.62-7.0.1.el9_7.3.aarch64.rpm
httpd-filesystem-2.4.62-7.0.1.el9_7.3.noarch.rpm
httpd-manual-2.4.62-7.0.1.el9_7.3.noarch.rpm
httpd-tools-2.4.62-7.0.1.el9_7.3.aarch64.rpm
mod_ldap-2.4.62-7.0.1.el9_7.3.aarch64.rpm
mod_lua-2.4.62-7.0.1.el9_7.3.aarch64.rpm
mod_proxy_html-2.4.62-7.0.1.el9_7.3.aarch64.rpm
mod_session-2.4.62-7.0.1.el9_7.3.aarch64.rpm
mod_ssl-2.4.62-7.0.1.el9_7.3.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/httpd-2.4.62-7.0.1.el9_7.3.src.rpm

Related CVEs:

CVE-2025-58098
CVE-2025-65082
CVE-2025-66200




Description of changes:

[2.4.62-7.0.1.3]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.62-7.3]
- Resolves: RHEL-135063 - httpd: Apache HTTP Server: mod_userdir+suexec bypass
  via AllowOverride FileInfo (CVE-2025-66200)
- Resolves: RHEL-135048 - httpd: Apache HTTP Server: CGI environment variable
  override (CVE-2025-65082)
- Resolves: RHEL-134480 - httpd: Apache HTTP Server: Server Side Includes adds
  query string to #exec cmd=... (CVE-2025-58098)

[2.4.62-7.2]
- Resolves: RHEL-123850 - mod_proxy_hcheck may stop healthchecks after a child
  process is reclaimed

[2.4.62-7.1]
- Resolves: RHEL-125884 - mod_ssl: allow more fine grained SSL SNI vhost check
  to avoid unnecessary 421 errors after CVE-2025-23048 fix
- mod_ssl: add conf.d/snipolicy.conf to set 'SSLVHostSNIPolicy authonly' default

More information about the El-errata mailing list