MGASA-2025-0301
- Source
- https://advisories.mageia.org/MGASA-2025-0301.html
- Import Source
- https://advisories.mageia.org/MGASA-2025-0301.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2025-0301
- Related
- Published
- 2025-11-18T02:47:26Z
- Modified
- 2025-11-18T02:06:33Z
- Summary
- Updated apache packages fix security vulnerabilities
- Details
-
HTTP response splitting. (CVE-2024-42516) SSRF with modheaders setting Content-Type header. (CVE-2024-43204) modssl error log variable escaping. (CVE-2024-47252) modproxyhttp2 denial of service. (CVE-2025-49630) modssl access control bypass with session resumption. (CVE-2025-23048) modssl TLS upgrade attack. (CVE-2025-49812) HTTP/2 DoS by Memory Increase. (CVE-2025-53020) 'RewriteCond expr' always evaluates to true in 2.4.64. (CVE-2025-54090) You will find the update delay sometimes causes a failure; just restart the service after the update.
- References
-
- https://advisories.mageia.org/MGASA-2025-0301.html
- https://bugs.mageia.org/show_bug.cgi?id=34464
- https://www.openwall.com/lists/oss-security/2025/07/10/2
- https://www.openwall.com/lists/oss-security/2025/07/10/3
- https://www.openwall.com/lists/oss-security/2025/07/10/4
- https://www.openwall.com/lists/oss-security/2025/07/10/6
- https://www.openwall.com/lists/oss-security/2025/07/10/7
- https://www.openwall.com/lists/oss-security/2025/07/10/8
- https://www.openwall.com/lists/oss-security/2025/07/10/9
- https://www.openwall.com/lists/oss-security/2025/07/10/10
- https://www.openwall.com/lists/oss-security/2025/07/24/2
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / apache
Package
- Name
- apache
- Purl
- pkg:rpm/mageia/apache?arch=source&distro=mageia-9