Release date:
2026-05-06 12:06:20 UTC
Description:
* SECURITY UPDATE: double free and possible remote code execution via
  HTTP/2 stream double-purge in mod_http2
  - debian/patches/CVE-2026-23918.patch: prevent double purge of a
    stream by introducing add_for_purge() helper that checks for
    duplicates before adding to the purge queue in
    modules/http2/h2_mplx.c
  - CVE-2026-23918
Updated packages:
- apache2_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
  sha:319985688f2f3b4fa257be117e49f3470084e026
- apache2-bin_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
  sha:46702d1a43da4494482f0769485f00e9f8afd247
- apache2-data_2.4.41-4ubuntu3.23+tuxcare.els3_all.deb
  sha:2826df4b2656ac87676a1410b8baf3fcfb4f5c41
- apache2-dev_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
  sha:09200488e25387802bccb7e9df71c3fd7956edab
- apache2-doc_2.4.41-4ubuntu3.23+tuxcare.els3_all.deb
  sha:d4399dda7f44c07b5902ce2ab930795bef0f64fe
- apache2-ssl-dev_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
  sha:696c88e3b7a49c12eafc2bf77bbb1986b038a90b
- apache2-suexec-custom_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
  sha:2d6650ad64d09ce26bea394495c395b9d5ca650b
- apache2-suexec-pristine_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
  sha:6e9f532de76d419eff2439c02ca2d0b35e721317
- apache2-utils_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
  sha:d9bfa641609de176b97bfc84c11d7e428675d88d
- libapache2-mod-md_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
  sha:cfd02196527d7f48e45f0ac878ba026b5ee06ca0
- libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.23+tuxcare.els3_amd64.deb
  sha:e37a59f455236dccde5f3245d6533f20d44e6dc3
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections, please contact the CloudLinux Packaging Team.