[Apollo] Advisories Statistics light light Login

RLSA-2026:21433

Security Mirrored from RHSA-2026:21433
Issued at: 2026-06-04
Updated at: 2026-06-04

Synopsis

Important: httpd security update



Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)

* httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)

* httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)

* httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007)

* Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 10 aarch64 Rocky Linux 10 ppc64le Rocky Linux 10 riscv64 Rocky Linux 10 s390x Rocky Linux 10 x86_64

Fixes

2464940 2464953 2466913 2464952 2465299

CVEs

CVE-2026-28780 CVE-2026-33007 CVE-2026-33857 CVE-2026-34032 CVE-2026-34059

Affected packages

Rocky Linux 10 ppc64le - AppStream

mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le.rpm mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le.rpm httpd-tools-0:2.4.63-13.el10_2.1.ppc64le.rpm mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le.rpm httpd-filesystem-0:2.4.63-13.el10_2.1.noarch.rpm httpd-devel-0:2.4.63-13.el10_2.1.ppc64le.rpm httpd-0:2.4.63-13.el10_2.1.src.rpm mod_session-0:2.4.63-13.el10_2.1.ppc64le.rpm httpd-0:2.4.63-13.el10_2.1.ppc64le.rpm mod_ssl-1:2.4.63-13.el10_2.1.ppc64le.rpm mod_lua-0:2.4.63-13.el10_2.1.ppc64le.rpm httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le.rpm mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le.rpm httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le.rpm httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le.rpm mod_ldap-0:2.4.63-13.el10_2.1.ppc64le.rpm httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le.rpm mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le.rpm mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le.rpm httpd-core-0:2.4.63-13.el10_2.1.ppc64le.rpm httpd-manual-0:2.4.63-13.el10_2.1.noarch.rpm

Rocky Linux 10 s390x - AppStream

mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x.rpm httpd-tools-0:2.4.63-13.el10_2.1.s390x.rpm mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x.rpm mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x.rpm mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x.rpm mod_proxy_html-1:2.4.63-13.el10_2.1.s390x.rpm httpd-filesystem-0:2.4.63-13.el10_2.1.noarch.rpm httpd-0:2.4.63-13.el10_2.1.src.rpm httpd-0:2.4.63-13.el10_2.1.s390x.rpm mod_session-0:2.4.63-13.el10_2.1.s390x.rpm httpd-devel-0:2.4.63-13.el10_2.1.s390x.rpm mod_ssl-1:2.4.63-13.el10_2.1.s390x.rpm httpd-debugsource-0:2.4.63-13.el10_2.1.s390x.rpm mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x.rpm httpd-core-0:2.4.63-13.el10_2.1.s390x.rpm httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x.rpm httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x.rpm mod_ldap-0:2.4.63-13.el10_2.1.s390x.rpm httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x.rpm mod_lua-0:2.4.63-13.el10_2.1.s390x.rpm httpd-manual-0:2.4.63-13.el10_2.1.noarch.rpm

Rocky Linux 10 x86_64 - AppStream

mod_lua-0:2.4.63-13.el10_2.1.x86_64.rpm httpd-core-0:2.4.63-13.el10_2.1.x86_64.rpm mod_ssl-1:2.4.63-13.el10_2.1.x86_64.rpm httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64.rpm httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64.rpm httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64.rpm httpd-filesystem-0:2.4.63-13.el10_2.1.noarch.rpm httpd-tools-0:2.4.63-13.el10_2.1.x86_64.rpm httpd-0:2.4.63-13.el10_2.1.src.rpm httpd-0:2.4.63-13.el10_2.1.x86_64.rpm mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64.rpm mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64.rpm mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64.rpm mod_session-0:2.4.63-13.el10_2.1.x86_64.rpm mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64.rpm mod_ldap-0:2.4.63-13.el10_2.1.x86_64.rpm httpd-devel-0:2.4.63-13.el10_2.1.x86_64.rpm mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64.rpm mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64.rpm httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64.rpm httpd-manual-0:2.4.63-13.el10_2.1.noarch.rpm

Rocky Linux 10 aarch64 - AppStream

mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64.rpm mod_lua-0:2.4.63-13.el10_2.1.aarch64.rpm mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64.rpm httpd-filesystem-0:2.4.63-13.el10_2.1.noarch.rpm mod_ldap-0:2.4.63-13.el10_2.1.aarch64.rpm mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64.rpm httpd-0:2.4.63-13.el10_2.1.aarch64.rpm httpd-0:2.4.63-13.el10_2.1.src.rpm httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64.rpm mod_ssl-1:2.4.63-13.el10_2.1.aarch64.rpm httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64.rpm httpd-tools-0:2.4.63-13.el10_2.1.aarch64.rpm httpd-core-0:2.4.63-13.el10_2.1.aarch64.rpm mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64.rpm httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64.rpm httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64.rpm mod_session-0:2.4.63-13.el10_2.1.aarch64.rpm mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64.rpm mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64.rpm httpd-devel-0:2.4.63-13.el10_2.1.aarch64.rpm httpd-manual-0:2.4.63-13.el10_2.1.noarch.rpm

Rocky Linux 10 riscv64 - AppStream

httpd-filesystem-0:2.4.63-13.el10_2.1.noarch.rpm httpd-0:2.4.63-13.el10_2.1.src.rpm httpd-manual-0:2.4.63-13.el10_2.1.noarch.rpm