[slackware-security] httpd

New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.64-i586-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. The update resolves a range of issue...

CVE-2025-7421

A vulnerability was found in Tenda O3V2 1.0.0.123880. It has been rated as critical. This issue affects the function fromMacFilterModify of the file /goform/operateMacFilter of the component httpd. The manipulation of the argument mac leads to stack-based buffer overflow. The attack may be...

CVE-2025-7423 Tenda O3V2 httpd setWrlFilterList formWifiMacFilterSet stack-based overflow

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.123880. Affected by this vulnerability is the function formWifiMacFilterSet of the file /goform/setWrlFilterList of the component httpd. The manipulation of the argument macList leads to stack-based buffer overflow. The attack c...

Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2025-192-02)

The version of httpd installed on the remote host is prior to 2.4.64. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-192-02 advisory. New httpd packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

CVE-2025-7420 Tenda O3V2 httpd setWrlBasicInfo formWifiBasicSet stack-based overflow

A vulnerability was found in Tenda O3V2 1.0.0.123880. It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component httpd. The manipulation of the argument extChannel leads to stack-based buffer overflow. The attack...

CVE-2025-7420

CVE-2025-7420 affects Tenda O3V2 (version 1.0.0.12(3880)). The vulnerability is in the httpd component’s function setWrlBasicInfo (formWifiBasicSet). The root cause is a stack-based buffer overflow triggered by manipulating the extChannel argument in /goform/setWrlBasicInfo. It is remotely exploi...

CVE-2025-7419

A vulnerability was found in Tenda O3V2 1.0.0.123880. It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the...

CVE-2025-7419

The CVE-2025-7419 entry applies to Tenda O3V2, version 1.0.0.12(3880). The vulnerability is in the httpd component, specifically the fromSpeedTestSet function in /goform/setRateTest. The destIP parameter length validation is inadequate, causing a stack-based buffer overflow that can be exploited ...

CVE-2025-7419 Tenda O3V2 httpd setRateTest fromSpeedTestSet stack-based overflow

A vulnerability was found in Tenda O3V2 1.0.0.123880. It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the...

CVE-2025-7418 Tenda O3V2 httpd setPing fromPingResultGet stack-based overflow

A vulnerability was found in Tenda O3V2 1.0.0.123880 and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched...

CVE-2025-7416 Tenda O3V2 httpd setSysTimeInfo fromSysToolTime stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.123880. Affected is the function fromSysToolTime of the file /goform/setSysTimeInfo of the component httpd. The manipulation of the argument Time leads to stack-based buffer overflow. It is possible to launch the...

CVE-2025-7416 Tenda O3V2 httpd setSysTimeInfo fromSysToolTime stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.123880. Affected is the function fromSysToolTime of the file /goform/setSysTimeInfo of the component httpd. The manipulation of the argument Time leads to stack-based buffer overflow. It is possible to launch the...

CVE-2025-7415

A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.123880. This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated...

CVE-2025-7414

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.123880. This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely...

CVE-2025-7414

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.123880. This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely...

AZL-65097 CVE-2025-49812 affecting package httpd for versions less than 2.4.64-1

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

AZL-65109 CVE-2025-53020 affecting package httpd for versions less than 2.4.64-1

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

AZL-65223 CVE-2025-23048 affecting package httpd for versions less than 2.4.64-1

In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...

AZL-65163 CVE-2025-23048 affecting package httpd for versions less than 2.4.64-1

In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...

UBUNTU-CVE-2025-49630

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in modproxyhttp2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...