[CLSA-2026:1778111838] httpd: Fix of 9 CVEs
Type:
security
Severity:
Low
Release date:
2026-05-06 23:57:23 UTC
Description:
- CVE-2026-24072: fix mod_rewrite ap_expr privilege escalation in htaccess - CVE-2026-28780: fix mod_proxy_ajp ajp_msg_check_header buffer over-read - CVE-2026-29169: fix mod_dav_lock NULL pointer dereference - CVE-2026-33006: fix mod_auth_digest timing attack - CVE-2026-33007: fix mod_authn_socache NULL pointer dereference - CVE-2026-33523: fix HTTP response splitting via status line - CVE-2026-33857: fix off-by-one OOB reads in AJP getter functions - CVE-2026-34032: fix ajp_msg_get_string buffer over-read - CVE-2026-34059: fix ajp_parse_data heap over-read
Updated packages:
  • httpd-2.4.37-39.module_el8.4.0+2397+3fe3cdf7.1.tuxcare.els19.x86_64.rpm
    sha:1e219e35e66792ae1ec87cc4b8a0478075851443d63a802aa5d4e2518ac56ada
  • httpd-devel-2.4.37-39.module_el8.4.0+2397+3fe3cdf7.1.tuxcare.els19.x86_64.rpm
    sha:0aecc11e54e632409e725eabc9db24c21136a7cc71dcf39c2e64814e444c2b5e
  • httpd-filesystem-2.4.37-39.module_el8.4.0+2397+3fe3cdf7.1.tuxcare.els19.noarch.rpm
    sha:8df9c57f666d075959dd38e660f0c4256e04e49f728762d08048e88bb0da1e83
  • httpd-manual-2.4.37-39.module_el8.4.0+2397+3fe3cdf7.1.tuxcare.els19.noarch.rpm
    sha:0edce9b0a0258e89c91e11fe70499d75abe42598fb66beeeba54dfe1507fb3a6
  • httpd-tools-2.4.37-39.module_el8.4.0+2397+3fe3cdf7.1.tuxcare.els19.x86_64.rpm
    sha:86345b20b42b5a45fe937218cd21225eb10510e04cd696a52d7aabf5fb59dd23
  • mod_ldap-2.4.37-39.module_el8.4.0+2397+3fe3cdf7.1.tuxcare.els19.x86_64.rpm
    sha:e04decc5efa4ed7133b9bf9942006e87b14c0f9be9c2a0fd0e10ab344eacc621
  • mod_proxy_html-2.4.37-39.module_el8.4.0+2397+3fe3cdf7.1.tuxcare.els19.x86_64.rpm
    sha:5be8d731b508fac553f36cb7ef7650f098c097d780a43759cb617c01a6935bdb
  • mod_session-2.4.37-39.module_el8.4.0+2397+3fe3cdf7.1.tuxcare.els19.x86_64.rpm
    sha:9c1ca982d97878107729cb3f7239f097bf2e14434f8d84d6c1631b4c10ab7227
  • mod_ssl-2.4.37-39.module_el8.4.0+2397+3fe3cdf7.1.tuxcare.els19.x86_64.rpm
    sha:2c9055b0e415e969eed32423734fc382c2bdbf205384d6666004595a4e08659d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.