httpd-2.4.62-13.el9_8.1
エラータID: AXSA:2026-1272:07
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)
* httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)
* httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)
* httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007)
* Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-28780
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
CVE-2026-33007
A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue.
CVE-2026-33857
Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
CVE-2026-34032
Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
CVE-2026-34059
Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Update packages.
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue.
Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
N/A
SRPMS
- httpd-2.4.62-13.el9_8.1.src.rpm
MD5: 99c00c7195765a8f11f7af569ac97747
SHA-256: efee9a7870b94ae29b217ea87462f734def59260a8e70002c40b7c5dccd9f425
Size: 7.66 MB
Asianux Server 9 for x86_64
- httpd-2.4.62-13.el9_8.1.x86_64.rpm
MD5: a61041f01d1ffae1bb2c09dbf1ff5469
SHA-256: bd5f9697f067250c8322aca2364287b790323c912e7fb5c3d67d7bdac7b889e7
Size: 50.61 kB - httpd-core-2.4.62-13.el9_8.1.x86_64.rpm
MD5: 7060716414c9356b7aa7b548503a7928
SHA-256: d8adfec199c39c25f08a160510f43ee57907b498bcf1c1d6ee53148b7e45f815
Size: 1.47 MB - httpd-devel-2.4.62-13.el9_8.1.x86_64.rpm
MD5: 2d94ded0eb9474a678aa991afc91255c
SHA-256: 6137dff6a3ae95bec29db31b9080a07ac4f233a2add9e8bb7eefeb62c3a334ed
Size: 211.18 kB - httpd-filesystem-2.4.62-13.el9_8.1.noarch.rpm
MD5: a25785cef0fec35d4c708182466dd002
SHA-256: 6b78446057278b557ec822dad4ba9e8424309218910b748790a940f472b226fc
Size: 12.35 kB - httpd-manual-2.4.62-13.el9_8.1.noarch.rpm
MD5: 39d0d6582d1091fec2a4d5ea48e0e828
SHA-256: b4501042b894bd9ddfe260c812580a15294c965ee0338403d1ae4546c51495bb
Size: 2.30 MB - httpd-tools-2.4.62-13.el9_8.1.x86_64.rpm
MD5: 250056d85013406fea5fad048299efdc
SHA-256: ec0214fb0d199e05450662f6ed1d63bfe880358df2912b01fcf52ca62bf75408
Size: 83.22 kB - mod_ldap-2.4.62-13.el9_8.1.x86_64.rpm
MD5: 325399cb19ccf86957ec08eea978a923
SHA-256: 75048ebe626b6c55209f7abae151d66aa39c35a4936cdcb61253fc3cbdee5d92
Size: 59.86 kB - mod_lua-2.4.62-13.el9_8.1.x86_64.rpm
MD5: 8038855e53cad717e469b00ee37dde40
SHA-256: 02087bf7d84f8fcfd7a23da6de797ff8a24cf3fa45676627b17e3a93e69a0d47
Size: 59.03 kB - mod_proxy_html-2.4.62-13.el9_8.1.x86_64.rpm
MD5: 3d4cf8d7880cdada9c60243c8cfba636
SHA-256: f9a14623689a8d36b611919e3ba5bf67aa8854d9c8dd203ed45ec4c30ebdf74c
Size: 34.73 kB - mod_session-2.4.62-13.el9_8.1.x86_64.rpm
MD5: 1e1bf51ab6816e6f047ec82767b088be
SHA-256: 19b48fe7de13796d1d016d091464708d9075598cf5b838d095a0e24c1911006d
Size: 46.44 kB - mod_ssl-2.4.62-13.el9_8.1.x86_64.rpm
MD5: f2edb2f1256a3c013d24c0203031178a
SHA-256: 79ab7c673022c91ed3ddc16c927a580e21a19de15e1b590bfef5bb1cc9682cd7
Size: 110.05 kB