Release date:
2026-06-15 20:56:45 UTC
Description:
- CVE-2026-42536: mod_xml2enc heap-based buffer overflow via xml2StartParse with untrusted content
- CVE-2026-29170: mod_proxy_ftp cross-site scripting in HTML directory list generation
- CVE-2026-29167: mod_ldap use-after-free in per-directory configuration
- CVE-2026-42535: mod_dav_fs path handling allows direct manipulation of trusted DAV property databases
- CVE-2026-34356: mod_proxy heap-based buffer overflow with malicious backend and ProxyPassReverseCookie*
- CVE-2026-34355: mod_proxy_html buffer overflow allowing attack by an untrusted backend
Updated packages:
-
httpd-2.4.67-1.amzn2.0.1.tuxcare.els2.x86_64.rpm
sha:cf2424b8bf434852b1d2a3acc267a82bdd9f60ad6fc580e41991976ffb643812
-
httpd-devel-2.4.67-1.amzn2.0.1.tuxcare.els2.x86_64.rpm
sha:86b072c0d68ee4dd63c9743d0335a109cafb7598517d1f7e8829347cbfeae44d
-
httpd-filesystem-2.4.67-1.amzn2.0.1.tuxcare.els2.noarch.rpm
sha:e6fa813e04a3a37b28edff6062625e36c533a3a9e7e031a952bb5cecacc36cb5
-
httpd-manual-2.4.67-1.amzn2.0.1.tuxcare.els2.noarch.rpm
sha:7616f9df8aed21b26428e369030c63a65807d43497aba96128e5a206f577e678
-
httpd-tools-2.4.67-1.amzn2.0.1.tuxcare.els2.x86_64.rpm
sha:8bd6462071d20bc27beda37ac4f46593759649db8769ac0c2eed216631a43569
-
mod_ldap-2.4.67-1.amzn2.0.1.tuxcare.els2.x86_64.rpm
sha:f15e0ee545f1d18bf34a0ebd705724ecb9b0a271554928c4428773d131031178
-
mod_md-2.4.67-1.amzn2.0.1.tuxcare.els2.x86_64.rpm
sha:9c7ab4ca08b617c6f373155eecbb8c132b7f9aadc4ffa07f902601f402db524d
-
mod_proxy_html-2.4.67-1.amzn2.0.1.tuxcare.els2.x86_64.rpm
sha:a3b384a0c9381bdec3adbd6988c7c034ef3b475bb5be8dd3a4867af9a12e3140
-
mod_session-2.4.67-1.amzn2.0.1.tuxcare.els2.x86_64.rpm
sha:ee4af02bcd0d9e526d8d2e6d0990bee903cafe60e818406e85ca2d45b2cbd8dc
-
mod_ssl-2.4.67-1.amzn2.0.1.tuxcare.els2.x86_64.rpm
sha:590d1f9b0a38393c98e36292356bbb59854d4d837e50cb458fba79e8a5e773cc
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
