All sites should update apache httpd
or httpd24-httpd
for cve-2021-40438 if you haven’t already done so. Here’s the RHEL link for the same. It should be as simple as updating that package.
https://access.redhat.com/security/cve/cve-2021-40438
As a note - the general guideline for us is that sites should upgrade httpd
or httpd24-httpd
as RHEL is only updating these packages for bug fixes and security fixes. You can (and should) subscribe to RHEL’s security announcements.