Issued at: 2026-07-07
Updated at: 2026-07-07
Synopsis
Important: httpd security, bug fix, and enhancement update
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: incomplete fix for CVE-2023-38709 (CVE-2024-42516)
* httpd: NULL pointer dereference via specially crafted request (CVE-2026-29169)
* httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers (CVE-2026-34356)
* httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server (CVE-2026-44185)
* httpd: Apache HTTP Server: Denial of Service via crafted regular expressions (CVE-2026-44631)
* httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc (CVE-2026-42536)
* httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass (CVE-2026-34355)
Bug Fix(es) and Enhancement(s):
* address Moderate severity issues from httpd 2.4.68 [rhel-10.2.z] (JIRA:Rocky Linux-184518)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.