Advisory: CLSA-2025:1758031207
OS: Oracle Linux 6 ELS
Public date: 2025-09-16 14:00:09.296281
Project: httpd
Version: 2.2.15-72.el6.tuxcare.els10
Errata link: https://errata.tuxcare.com/els_os/oraclelinux6els/CLSA-2025-1758031207.html
- CVE-2024-47252: escape characters are now properly handled in mod_ssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack
Update command: yum update httpd*
httpd-2.2.15-72.el6.tuxcare.els10.x86_64.rpm httpd-devel-2.2.15-72.el6.tuxcare.els10.i686.rpm httpd-devel-2.2.15-72.el6.tuxcare.els10.x86_64.rpm httpd-manual-2.2.15-72.el6.tuxcare.els10.noarch.rpm httpd-tools-2.2.15-72.el6.tuxcare.els10.x86_64.rpm mod_ssl-2.2.15-72.el6.tuxcare.els10.x86_64.rpm