[CLSA-2026:1781194173] httpd: Fix of 6 CVEs
Type:
security
Severity:
Critical
Release date:
2026-06-11 16:09:57 UTC
Description:
- CVE-2026-29167: fix mod_ldap use-after-free with per-directory LDAP config - CVE-2026-29170: fix mod_proxy_ftp XSS in generated FTP directory listings - CVE-2026-34355: fix mod_proxy_html buffer overflow via ap_varbuf API migration - CVE-2026-34356: fix mod_proxy heap buffer overflow in ProxyPassReverseCookie* handling - CVE-2026-42535: fix mod_dav_fs path handling allowing manipulation of DAV property databases - CVE-2026-42536: fix mod_xml2enc heap buffer overflow in xml2StartParse accounting
CVEs fixed:
Updated packages:
  • httpd-2.4.37-39.module_el8.4.0+2421+a085f2da.1.tuxcare.els20.x86_64.rpm
    sha:d2d0d87cfc1a886cefa754d76e8e481dc0d0e87ea46a1b0dc711e9b0d6ac0c7c
  • httpd-devel-2.4.37-39.module_el8.4.0+2421+a085f2da.1.tuxcare.els20.x86_64.rpm
    sha:fa0260fa9e3089f7d624b4097bafae44a15cebcdc2d69023fe94c3feff228785
  • httpd-filesystem-2.4.37-39.module_el8.4.0+2421+a085f2da.1.tuxcare.els20.noarch.rpm
    sha:c344819e379348988c9eb3d041639214d48d2acd103243904ff6f63ecf280b85
  • httpd-manual-2.4.37-39.module_el8.4.0+2421+a085f2da.1.tuxcare.els20.noarch.rpm
    sha:a3fd66e0d1a2a7fffd83fa8a51ed2058214ace711b6bd77394ea3a1a74c324bd
  • httpd-tools-2.4.37-39.module_el8.4.0+2421+a085f2da.1.tuxcare.els20.x86_64.rpm
    sha:ddbee4eb3d716078534b66ff920532cf9a1707c5a4c0a90f77be6e0511e9d750
  • mod_ldap-2.4.37-39.module_el8.4.0+2421+a085f2da.1.tuxcare.els20.x86_64.rpm
    sha:ac3e396a005e413e75d3baec111c9d58873a62f0f5a29e036492828c638d804f
  • mod_proxy_html-2.4.37-39.module_el8.4.0+2421+a085f2da.1.tuxcare.els20.x86_64.rpm
    sha:fc6747df40c08d3ec8789e5e81b134bfd38c45073033e8e5a5b9b9312a76b265
  • mod_session-2.4.37-39.module_el8.4.0+2421+a085f2da.1.tuxcare.els20.x86_64.rpm
    sha:54cf9f3a9bba53664a2eb23d99764e0418acb7621fe4331ca302036b307d5197
  • mod_ssl-2.4.37-39.module_el8.4.0+2421+a085f2da.1.tuxcare.els20.x86_64.rpm
    sha:66fabcce8e40aeaa9c11bbfeb32b68a2b67953287f7670347589763a05a59be4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.