SUSE SLES15 Security Update : apache2 (SUSE-SU-2026:2103-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2103-1 advisory. This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957....

USN-7968-2 apache2 regression

USN-7968-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression in modmd where the MDStapleOthers setting was ignored which resulted in OCSP being broken for some domains. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It w...

[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2

R1 Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2 Arnie Cabral Tue, 02/17/2026 - 08:32 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components...

OPENSUSE-SU-2026:20030-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed modmd ACME, unintended retry intervals bsc1254511 - CVE-2025-58098: Fixed Server Side Includes adds query string to exec cmd bsc1254512 - CVE-2025-65082: Fixed CGI environment variable override bsc1254514 - CVE-2025-66200...

TencentOS Server 2: httpd (TSSA-2025:0801)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0801 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

Photon OS 4.0: Apache PHSA-2025-4.0-0835

An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0835. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 4.0: Apache PHSA-2025-4.0-0850

An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0850. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

[SECURITY] [DLA 4192-1] modsecurity-apache security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4192-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk May 29, 2025 https://wiki.debian.org/LTS -...

Photon OS 4.0: Apache PHSA-2024-4.0-0711

An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0711. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

MGASA-2024-0118 Updated apache packages fix security vulnerabilities

Apache has been updated to version 2.4.59 to fix CVE-2024-27316, CVE-2024-24795 and CVE-2023-38709. CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames cve.mitre.org HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in...

SUSE-SU-2023:0185-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in modproxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body bsc1207251. - CVE-2022-36760: Fixed an issue in...

Mageia: Security Advisory (MGASA-2018-0460)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALPINE-CVE-2018-8011

By specially crafting HTTP requests, the modmd challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.33...

SUSE-SU-2018:0261-1 Recommended update for apache2

This update for apache2 fixes several issues. These security issues were fixed: - CVE-2017-9789: When under stress closing many connections the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour bsc1048575. - CVE-2017-7659: A...

SUSE-SU-2017:1714-1 Security update for apache2

This update for apache2 provides the following fixes: Security issues fixed: - CVE-2017-3167: In Apache use of httpd apgetbasicauthpw outside of the authentication phase could lead to authentication requirements bypass bsc1045065 - CVE-2017-3169: In modssl may have a dereference NULL pointer issu...

SUSE-SU-2015:1885-1 Security update for apache2

Apache was updated to fix one security vulnerability and two bugs. Following security issue was fixed. - Fix the chunked transfer coding implementation in the Apache bsc938728, CVE-2015-3183 Bugs fixed: - add SSLSessionTickets directive bsc941676 - hardcode modules %files bsc444878 - only enable...

Important: Red Hat Security Advisory: apache security update for Stronghold

An updated version of Apache that addresses several security issues is now available for Stronghold 4.0 for Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP server is a powerful, full-featured, efficient, and...

[slackware-security] apache+mod_ssl

New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix a security issue. Apache has been upgraded to version 1.3.33 which fixes a buffer overflow which may allow local users to execute arbitrary code as the apache user. The modssl package has also been upgraded t...

Debian DSA-021-1 : apache - insecure tempfile bug, broken mod_rewrite

WireX have found some occurrences of insecure opening of temporary files in htdigest and htpasswd. Both programs are not installed setuid or setgid and thus the impact should be minimal. The Apache group has released another security bugfix which fixes a vulnerability in modrewrite which may resu...

Mandrake Linux Security Advisory : apache (MDKSA-2002:039-2)

Please note that this advisory supersedes the previous MDKSA-2002:039 and MDKSA-2002:039-1 advisories. MandrakeSoft is urging all users of Mandrake Linux to update their Apache installations immediately. What was previously thought to have been a DoS-only condition has now been proven to be more...