RLSA-2026:21391

Security

Mirrored from RHSA-2026:21391

Issued at: 2026-05-30

Updated at: 2026-05-31

Synopsis

Important: httpd security update

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)

* httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)

* httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)

* httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007)

* Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 9 aarch64

Rocky Linux 9 ppc64le

Rocky Linux 9 s390x

Rocky Linux 9 x86_64

Fixes

2464940

2464952

2464953

2465299

2466913

CVEs

CVE-2026-28780

CVE-2026-33007

CVE-2026-33857

CVE-2026-34032

CVE-2026-34059

Affected packages

Rocky Linux 9 aarch64 - AppStream

httpd-0:2.4.62-13.el9_8.1.aarch64.rpm

httpd-0:2.4.62-13.el9_8.1.src.rpm

httpd-core-0:2.4.62-13.el9_8.1.aarch64.rpm

httpd-core-debuginfo-0:2.4.62-13.el9_8.1.aarch64.rpm

httpd-debuginfo-0:2.4.62-13.el9_8.1.aarch64.rpm

httpd-debugsource-0:2.4.62-13.el9_8.1.aarch64.rpm

httpd-devel-0:2.4.62-13.el9_8.1.aarch64.rpm

httpd-filesystem-0:2.4.62-13.el9_8.1.noarch.rpm

httpd-manual-0:2.4.62-13.el9_8.1.noarch.rpm

httpd-tools-0:2.4.62-13.el9_8.1.aarch64.rpm

httpd-tools-debuginfo-0:2.4.62-13.el9_8.1.aarch64.rpm

mod_ldap-0:2.4.62-13.el9_8.1.aarch64.rpm

mod_ldap-debuginfo-0:2.4.62-13.el9_8.1.aarch64.rpm

mod_lua-0:2.4.62-13.el9_8.1.aarch64.rpm

mod_lua-debuginfo-0:2.4.62-13.el9_8.1.aarch64.rpm

mod_proxy_html-1:2.4.62-13.el9_8.1.aarch64.rpm

mod_proxy_html-debuginfo-1:2.4.62-13.el9_8.1.aarch64.rpm

mod_session-0:2.4.62-13.el9_8.1.aarch64.rpm

mod_session-debuginfo-0:2.4.62-13.el9_8.1.aarch64.rpm

mod_ssl-1:2.4.62-13.el9_8.1.aarch64.rpm

mod_ssl-debuginfo-1:2.4.62-13.el9_8.1.aarch64.rpm

Rocky Linux 9 ppc64le - AppStream

httpd-0:2.4.62-13.el9_8.1.ppc64le.rpm

httpd-0:2.4.62-13.el9_8.1.src.rpm

httpd-core-0:2.4.62-13.el9_8.1.ppc64le.rpm

httpd-core-debuginfo-0:2.4.62-13.el9_8.1.ppc64le.rpm

httpd-debuginfo-0:2.4.62-13.el9_8.1.ppc64le.rpm

httpd-debugsource-0:2.4.62-13.el9_8.1.ppc64le.rpm

httpd-devel-0:2.4.62-13.el9_8.1.ppc64le.rpm

httpd-filesystem-0:2.4.62-13.el9_8.1.noarch.rpm

httpd-manual-0:2.4.62-13.el9_8.1.noarch.rpm

httpd-tools-0:2.4.62-13.el9_8.1.ppc64le.rpm

httpd-tools-debuginfo-0:2.4.62-13.el9_8.1.ppc64le.rpm

mod_ldap-0:2.4.62-13.el9_8.1.ppc64le.rpm

mod_ldap-debuginfo-0:2.4.62-13.el9_8.1.ppc64le.rpm

mod_lua-0:2.4.62-13.el9_8.1.ppc64le.rpm

mod_lua-debuginfo-0:2.4.62-13.el9_8.1.ppc64le.rpm

mod_proxy_html-1:2.4.62-13.el9_8.1.ppc64le.rpm

mod_proxy_html-debuginfo-1:2.4.62-13.el9_8.1.ppc64le.rpm

mod_session-0:2.4.62-13.el9_8.1.ppc64le.rpm

mod_session-debuginfo-0:2.4.62-13.el9_8.1.ppc64le.rpm

mod_ssl-1:2.4.62-13.el9_8.1.ppc64le.rpm

mod_ssl-debuginfo-1:2.4.62-13.el9_8.1.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

httpd-0:2.4.62-13.el9_8.1.s390x.rpm

httpd-0:2.4.62-13.el9_8.1.src.rpm

httpd-core-0:2.4.62-13.el9_8.1.s390x.rpm

httpd-core-debuginfo-0:2.4.62-13.el9_8.1.s390x.rpm

httpd-debuginfo-0:2.4.62-13.el9_8.1.s390x.rpm

httpd-debugsource-0:2.4.62-13.el9_8.1.s390x.rpm

httpd-devel-0:2.4.62-13.el9_8.1.s390x.rpm

httpd-filesystem-0:2.4.62-13.el9_8.1.noarch.rpm

httpd-manual-0:2.4.62-13.el9_8.1.noarch.rpm

httpd-tools-0:2.4.62-13.el9_8.1.s390x.rpm

httpd-tools-debuginfo-0:2.4.62-13.el9_8.1.s390x.rpm

mod_ldap-0:2.4.62-13.el9_8.1.s390x.rpm

mod_ldap-debuginfo-0:2.4.62-13.el9_8.1.s390x.rpm

mod_lua-0:2.4.62-13.el9_8.1.s390x.rpm

mod_lua-debuginfo-0:2.4.62-13.el9_8.1.s390x.rpm

mod_proxy_html-1:2.4.62-13.el9_8.1.s390x.rpm

mod_proxy_html-debuginfo-1:2.4.62-13.el9_8.1.s390x.rpm

mod_session-0:2.4.62-13.el9_8.1.s390x.rpm

mod_session-debuginfo-0:2.4.62-13.el9_8.1.s390x.rpm

mod_ssl-1:2.4.62-13.el9_8.1.s390x.rpm

mod_ssl-debuginfo-1:2.4.62-13.el9_8.1.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

httpd-0:2.4.62-13.el9_8.1.src.rpm

httpd-0:2.4.62-13.el9_8.1.x86_64.rpm

httpd-core-0:2.4.62-13.el9_8.1.x86_64.rpm

httpd-core-debuginfo-0:2.4.62-13.el9_8.1.x86_64.rpm

httpd-debuginfo-0:2.4.62-13.el9_8.1.x86_64.rpm

httpd-debugsource-0:2.4.62-13.el9_8.1.x86_64.rpm

httpd-devel-0:2.4.62-13.el9_8.1.x86_64.rpm

httpd-filesystem-0:2.4.62-13.el9_8.1.noarch.rpm

httpd-manual-0:2.4.62-13.el9_8.1.noarch.rpm

httpd-tools-0:2.4.62-13.el9_8.1.x86_64.rpm

httpd-tools-debuginfo-0:2.4.62-13.el9_8.1.x86_64.rpm

mod_ldap-0:2.4.62-13.el9_8.1.x86_64.rpm

mod_ldap-debuginfo-0:2.4.62-13.el9_8.1.x86_64.rpm

mod_lua-0:2.4.62-13.el9_8.1.x86_64.rpm

mod_lua-debuginfo-0:2.4.62-13.el9_8.1.x86_64.rpm

mod_proxy_html-1:2.4.62-13.el9_8.1.x86_64.rpm

mod_proxy_html-debuginfo-1:2.4.62-13.el9_8.1.x86_64.rpm

mod_session-0:2.4.62-13.el9_8.1.x86_64.rpm

mod_session-debuginfo-0:2.4.62-13.el9_8.1.x86_64.rpm

mod_ssl-1:2.4.62-13.el9_8.1.x86_64.rpm

mod_ssl-debuginfo-1:2.4.62-13.el9_8.1.x86_64.rpm