Advisory: CLSA-2025:1758035329
OS: CentOS 7 ELS
Public date: 2025-09-16 15:08:51.402915
Project: httpd
Version: 2.4.6-99.0.5.el7.centos.1.tuxcare.els6
Errata link: https://errata.tuxcare.com/els_os/centos7els/CLSA-2025-1758035329.html
- CVE-2024-47252: escape user-supplied data in mod_ssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attack
Update command: yum update httpd*
httpd-2.4.6-99.0.5.el7.centos.1.tuxcare.els6.x86_64.rpm httpd-devel-2.4.6-99.0.5.el7.centos.1.tuxcare.els6.x86_64.rpm httpd-manual-2.4.6-99.0.5.el7.centos.1.tuxcare.els6.noarch.rpm httpd-tools-2.4.6-99.0.5.el7.centos.1.tuxcare.els6.x86_64.rpm mod_ldap-2.4.6-99.0.5.el7.centos.1.tuxcare.els6.x86_64.rpm mod_proxy_html-2.4.6-99.0.5.el7.centos.1.tuxcare.els6.x86_64.rpm mod_session-2.4.6-99.0.5.el7.centos.1.tuxcare.els6.x86_64.rpm mod_ssl-2.4.6-99.0.5.el7.centos.1.tuxcare.els6.x86_64.rpm