Package apache2: Information

    Source package: apache2
    Version: 2.4.67-alt1
    Latest version according to Repology
    Build time:  May 5, 2026, 05:28 PM in the task #417200
    Category: System/Servers
    Report package bug
    Gear: https://git.altlinux.org/gears/a/apache2.git?a=tree;hb=7e109a68b…
    Home page: https://httpd.apache.org/
    VCS: https://github.com/apache/httpd
    License: Apache-2.0
    Summary: Apache HTTP Server (httpd), modular web server
    Description: 
    Apache is a powerful, full-featured, efficient and freely-available
Web server.
    List of RPM packages built from this SRPM:
    apache2 (x86_64, i586, aarch64)
    apache2-ab (x86_64, i586, aarch64)
    apache2-ab-debuginfo (x86_64, i586, aarch64)
    apache2-base (x86_64, i586, aarch64)
    apache2-base-debuginfo (x86_64, i586, aarch64)
    apache2-cgi-bin (noarch)
    apache2-cgi-bin-printenv (noarch)
    apache2-cgi-bin-test-cgi (noarch)
    apache2-datadirs (noarch)
    apache2-devel (x86_64, i586, aarch64)
    apache2-docs (noarch)
    apache2-full (noarch)
    apache2-htcacheclean (x86_64, i586, aarch64)
    apache2-htcacheclean-control (noarch)
    apache2-htcacheclean-debuginfo (x86_64, i586, aarch64)
    apache2-html (noarch)
    apache2-htpasswd (x86_64, i586, aarch64)
    apache2-htpasswd-debuginfo (x86_64, i586, aarch64)
    apache2-httpd-event (x86_64, i586, aarch64)
    apache2-httpd-event-debuginfo (x86_64, i586, aarch64)
    apache2-httpd-prefork (x86_64, i586, aarch64)
    apache2-httpd-prefork-debuginfo (x86_64, i586, aarch64)
    apache2-httpd-worker (x86_64, i586, aarch64)
    apache2-httpd-worker-debuginfo (x86_64, i586, aarch64)
    apache2-icons (noarch)
    apache2-manual (noarch)
    apache2-manual-addons (noarch)
    apache2-mod_cache_disk (x86_64, i586, aarch64)
    apache2-mod_cache_disk-debuginfo (x86_64, i586, aarch64)
    apache2-mod_http2 (x86_64, i586, aarch64)
    apache2-mod_http2-debuginfo (x86_64, i586, aarch64)
    apache2-mod_ldap (x86_64, i586, aarch64)
    apache2-mod_ldap-debuginfo (x86_64, i586, aarch64)
    apache2-mod_lua (x86_64, i586, aarch64)
    apache2-mod_lua-debuginfo (x86_64, i586, aarch64)
    apache2-mod_proxy_html (x86_64, i586, aarch64)
    apache2-mod_proxy_html-debuginfo (x86_64, i586, aarch64)
    apache2-mod_ssl (x86_64, i586, aarch64)
    apache2-mod_ssl-debuginfo (x86_64, i586, aarch64)
    apache2-mods (x86_64, i586, aarch64)
    apache2-mods-debuginfo (x86_64, i586, aarch64)
    apache2-suexec (x86_64, i586, aarch64)
    apache2-suexec-debuginfo (x86_64, i586, aarch64)
    rpm-build-apache2 (x86_64, i586, aarch64)
    Maintainer: Anton Farygin
    List of contributors:
    Anton Farygin
    Andrey Limachko
    Alexey Shabalin
    Egor Ignatov
    Anton Midyukov
    Paul Wolneykien
    Slava Aseev
    Stanislav Levin
    Igor Vlasenko
    Anton V. Boyarshinov
    Sergey Alembekov
    Aleksey Avdeev
    qa-robot
    Sviatoslav Sviridov
    Dmitry V. Levin
    Yury Konovalov
    ACL:
    Anton Farygin
    @everybody
      1. libaprutil1-devel
      2. libbrotli-devel
      3. libsystemd-devel
      4. libtool >= 3:2.2.6
      5. libcurl-devel
      6. libxml2-devel
      7. libexpat-devel
      8. lua5.3-devel
      9. libgdbm-devel
      10. openssl
      11. perl-DBM
      12. perl-Digest-SHA1
      13. pkg-config
      14. libjansson-devel
      15. libldap-devel
      16. rpm-build-licenses
      17. rpm-macros-alternatives
      18. rpm-macros-apache2 >= 3.13
      19. rpm-macros-condstopstart
      20. rpm-macros-webserver-cgi-bin-control
      21. libnghttp2-devel
      22. sed >= 1:4.2.2-alt1
      23. webserver-common
      24. zlib-devel
      25. libpcre2-devel
      26. libsasl2-devel
      27. libsasl2-plugin-gssapi
      28. libssl-devel

    Last changed

    May 5, 2026 Anton Farygin 1:2.4.67-alt1
    - 2.4.66 -> 2.4.67
- Fixes:
  * CVE-2026-34059: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
  * CVE-2026-34032: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
  * CVE-2026-33857: Off-by-one OOB reads in AJP getter functions
  * CVE-2026-33523: multiple modules: HTTP response splitting forwarding malicious status line
  * CVE-2026-33007: mod_authn_socache crash
  * CVE-2026-33006: mod_auth_digest timing attack
  * CVE-2026-29169: mod_dav_lock indirect lock crash
  * CVE-2026-29168: mod_md unrestricted OCSP response
  * CVE-2026-28780: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()
  * CVE-2026-24072: mod_rewrite elevation of privileges via ap_expr
  * CVE-2026-23918: http2: double free and possible RCE on early reset
    Dec. 6, 2025 Anton Farygin 1:2.4.66-alt1
    - 2.4.65 -> 2.4.66 (Fixes: CVE-2025-66200, CVE-2025-65082, CVE-2025-59775,
			CVE-2025-58098, CVE-2025-55753)
- tightened the default_https vhost by
  adding explicit Directory defaults (closes: #51050)
- updated Summary and Description
- built with pcre2
- enabled brotli support
- added lua and http2 modules in separate subpackages
- explicitly enabled cache_disk and socache_shmcb
- folded the downstream patchset in-tree and consolidated packaging patches
- removed apache1 legacy support
- dropped legacy configs and obsolete build options
- dropped Conflicts/Obsoletes from legacy 1.3/2.2 transitions
    July 28, 2025 Anton Farygin 1:2.4.65-alt1
    - 2.4.64 -> 2.4.65 (Fixes: CVE-2025-54090)
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top