Updated apache packages fix security vulnerabilities
Publication date: 18 Nov 2025Modification date: 18 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-42516 , CVE-2024-43204 , CVE-2024-47252 , CVE-2025-49630 , CVE-2025-23048 , CVE-2025-49812 , CVE-2025-53020 , CVE-2025-54090
Description
HTTP response splitting. (CVE-2024-42516)
SSRF with mod_headers setting Content-Type header. (CVE-2024-43204)
mod_ssl error log variable escaping. (CVE-2024-47252)
mod_proxy_http2 denial of service. (CVE-2025-49630)
mod_ssl access control bypass with session resumption. (CVE-2025-23048)
mod_ssl TLS upgrade attack. (CVE-2025-49812)
HTTP/2 DoS by Memory Increase. (CVE-2025-53020)
'RewriteCond expr' always evaluates to true in 2.4.64. (CVE-2025-54090)
You will find the update delay sometimes causes a failure; just restart
the service after the update.
References
- https://bugs.mageia.org/show_bug.cgi?id=34464
- https://www.openwall.com/lists/oss-security/2025/07/10/2
- https://www.openwall.com/lists/oss-security/2025/07/10/3
- https://www.openwall.com/lists/oss-security/2025/07/10/4
- https://www.openwall.com/lists/oss-security/2025/07/10/6
- https://www.openwall.com/lists/oss-security/2025/07/10/7
- https://www.openwall.com/lists/oss-security/2025/07/10/8
- https://www.openwall.com/lists/oss-security/2025/07/10/9
- https://www.openwall.com/lists/oss-security/2025/07/10/10
- https://www.openwall.com/lists/oss-security/2025/07/24/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42516
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43204
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47252
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49630
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23048
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49812
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53020
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54090
SRPMS
9/core
- apache-2.4.65-1.mga9