[CLSA-2026:1778614426] httpd: Fix of 9 CVEs
Type:
security
Severity:
Important
Release date:
2026-05-12 19:33:50 UTC
Description:
- CVE-2026-24072: fix mod_rewrite ap_expr privilege escalation in htaccess - CVE-2026-28780: fix mod_proxy_ajp ajp_msg_check_header buffer over-read - CVE-2026-29169: fix mod_dav_lock NULL pointer dereference - CVE-2026-33006: fix mod_auth_digest timing attack - CVE-2026-33007: fix mod_authn_socache NULL pointer dereference - CVE-2026-33523: fix HTTP response splitting via status line - CVE-2026-33857: fix off-by-one OOB reads in AJP getter functions - CVE-2026-34032: fix ajp_msg_get_string buffer over-read - CVE-2026-34059: fix ajp_parse_data heap over-read
Updated packages:
  • httpd-2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18.x86_64.rpm
    sha:0976c538c56897f0f317ee8f4919111d19bd7c9e80f77a809bda7f4e393a6dc2
  • httpd-devel-2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18.x86_64.rpm
    sha:547c246e3cdb6ae2b950f0ea387855b60731634731093e9661e077d008dd3c42
  • httpd-filesystem-2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18.noarch.rpm
    sha:b28cb226a19cbadf60e53cb16a83507d20ab6400d80dbc60ce31db53e585a6cc
  • httpd-manual-2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18.noarch.rpm
    sha:895a6583139b2ba76823692897bee6adf84d227d7fd99f722f6a65f2e3fa46a2
  • httpd-tools-2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18.x86_64.rpm
    sha:ebdfcce67f7c00f3f816cd1ae88dca5329ac574fac34d9d1e80eda14323d4dbc
  • mod_ldap-2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18.x86_64.rpm
    sha:fd44529f1cc37ae21c2e6e00279a087568e956dda7d1eb808e96786e829dd5ea
  • mod_proxy_html-2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18.x86_64.rpm
    sha:c1f1b140b94bb646fcb5a52c381092cdfb7812ea9e97cf16b3d523d572e20ba7
  • mod_session-2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18.x86_64.rpm
    sha:60df2cf18a3146b5ccf9bb054723d8475c7649ed469b0af281d6a7539f9c94f4
  • mod_ssl-2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18.x86_64.rpm
    sha:b197cace5d1c50417396de035f0628801f4a682b923c7d1e5b4b26e8eb6253c6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.