[El-errata] ELSA-2025-23732 Important: Oracle Linux 8 httpd:2.4 security update

Fri Dec 26 11:04:19 UTC 2025

Oracle Linux Security Advisory ELSA-2025-23732

http://linux.oracle.com/errata/ELSA-2025-23732.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.x86_64.rpm
httpd-devel-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.x86_64.rpm
httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.noarch.rpm
httpd-manual-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.noarch.rpm
httpd-tools-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.x86_64.rpm
mod_http2-1.15.7-10.module+el8.10.0+90652+bef864ba.4.x86_64.rpm
mod_ldap-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.x86_64.rpm
mod_md-2.0.8-8.module+el8.10.0+90740+3332f30e.2.x86_64.rpm
mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.x86_64.rpm
mod_session-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.x86_64.rpm
mod_ssl-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.x86_64.rpm

aarch64:
httpd-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.aarch64.rpm
httpd-devel-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.aarch64.rpm
httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.noarch.rpm
httpd-manual-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.noarch.rpm
httpd-tools-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.aarch64.rpm
mod_http2-1.15.7-10.module+el8.10.0+90652+bef864ba.4.aarch64.rpm
mod_ldap-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.aarch64.rpm
mod_md-2.0.8-8.module+el8.10.0+90740+3332f30e.2.aarch64.rpm
mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.aarch64.rpm
mod_session-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.aarch64.rpm
mod_ssl-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/httpd-2.4.37-65.0.1.module+el8.10.0+90740+3332f30e.7.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/mod_http2-1.15.7-10.module+el8.10.0+90652+bef864ba.4.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/mod_md-2.0.8-8.module+el8.10.0+90740+3332f30e.2.src.rpm

Related CVEs:

CVE-2025-55753
CVE-2025-58098
CVE-2025-65082
CVE-2025-66200

Description of changes:

mod_md
[1:2.0.8-8.2]
- Resolves: RHEL-134487 - httpd:2.4/httpd: Apache HTTP Server: mod_md (ACME),
  unintended retry intervals (CVE-2025-55753)

[1:2.0.8-8]
- Resolves: #1832844 - mod_md does not work with ACME server that does not
  provide keyChange or revokeCert resources

[1:2.0.8-7]
- Resolves: #1747912 - add a2md(1) documentation

[1:2.0.8-6]
- Resolves: #1781263 - mod_md ACMEv1 crash

[1:2.0.8-5]
- Resolves: #1747898 - add mod_md package

[1:2.0.8-4]
- require mod_ssl, update package description

[1:2.0.8-3]
- rebuild against 2.4.41

[1:2.0.8-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

[1:2.0.8-1]
- update to 2.0.8

[2.0.3-1]
- Initial import (#1719248).