Release date:
2026-05-14 19:02:37 UTC
Description:
- CVE-2026-34059: fix ajp_parse_data message length check
- CVE-2026-29169: fix mod_dav_lock NULL deref
- CVE-2026-33006: fix mod_auth_digest timing attack
- CVE-2026-24072: restrict ap_expr in htaccess
- CVE-2026-33523: scan outgoing status line for newlines and controls
- CVE-2026-33857: fix length checks in AJP msg_get functions
- CVE-2026-34032: fix ajp_msg_get_string buffer checks
- CVE-2026-33007: validate URL earlier in mod_authn_socache
- CVE-2026-28780: fix ajp_msg_check_header boundary check (companion to CVE-2026-33857)
Updated packages:
-
httpd-2.4.66-1.amzn2.0.1.tuxcare.els1.x86_64.rpm
sha:53df017886958ba084052ab2cd15826999cfd44eb4fb309c8aed7431b97a7dc0
-
httpd-devel-2.4.66-1.amzn2.0.1.tuxcare.els1.x86_64.rpm
sha:02a832b05609cd4c30444fb2717d3a12e7470ba434affb182f4c58462fd66fdb
-
httpd-filesystem-2.4.66-1.amzn2.0.1.tuxcare.els1.noarch.rpm
sha:c171e0f5286ce15a16fcef6a414ce68e2ce7498fc4fd23b8683a6f86baf54ac9
-
httpd-manual-2.4.66-1.amzn2.0.1.tuxcare.els1.noarch.rpm
sha:abe4996c6f2c2fb7a62b70ecf3b8664089ea0ba519aca628a8911d3966b68d2c
-
httpd-tools-2.4.66-1.amzn2.0.1.tuxcare.els1.x86_64.rpm
sha:a81bf9b8eb3cee43689b3701a84b41eae92ff118cbbba1ab492ed8b8bacc9828
-
mod_ldap-2.4.66-1.amzn2.0.1.tuxcare.els1.x86_64.rpm
sha:e1d56922f373780d93533e5ceff4b9e26b3a169c850601bb8c42a6099f55788d
-
mod_md-2.4.66-1.amzn2.0.1.tuxcare.els1.x86_64.rpm
sha:57a0742266c4a1c6ceb08f35a379477c9e0df7a6e4611fd6531b9fa73a98ff18
-
mod_proxy_html-2.4.66-1.amzn2.0.1.tuxcare.els1.x86_64.rpm
sha:768626459c94cc4af18d89d6f914e9e9598eb056a2e761d9cc2c85e6e6fb62d8
-
mod_session-2.4.66-1.amzn2.0.1.tuxcare.els1.x86_64.rpm
sha:25f3d51ccb6d693d8ecb1b96adb5e59b4ec96b6a490f90725e06f19676ae7676
-
mod_ssl-2.4.66-1.amzn2.0.1.tuxcare.els1.x86_64.rpm
sha:18cfc33b43a1bb21eef938c676cf82d716c0cf2112a97c623aeabad6e25b9506
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
