[CLSA-2026:1778174697] httpd: Fix of 9 CVEs
Type:
security
Severity:
Important
Release date:
2026-05-07 17:25:03 UTC
Description:
- CVE-2026-24072: fix mod_rewrite ap_expr privilege escalation in htaccess - CVE-2026-28780: fix mod_proxy_ajp ajp_msg_check_header buffer over-read - CVE-2026-29169: fix mod_dav_lock NULL pointer dereference - CVE-2026-33006: fix mod_auth_digest timing attack - CVE-2026-33007: fix mod_authn_socache NULL pointer dereference - CVE-2026-33523: fix HTTP response splitting via status line - CVE-2026-33857: fix off-by-one OOB reads in AJP getter functions - CVE-2026-34032: fix ajp_msg_get_string buffer over-read - CVE-2026-34059: fix ajp_parse_data heap over-read
Updated packages:
  • httpd-2.4.37-64.module_el8+2399+623e4f50.tuxcare.els6.x86_64.rpm
    sha:9daf10e53289b8cf4837b0ae521ba3030eb94dbae33eca9045f25d15b5e19091
  • httpd-devel-2.4.37-64.module_el8+2399+623e4f50.tuxcare.els6.x86_64.rpm
    sha:dd1c40ad03b1bd7a0f2acb114a0f17da636ba549f422fb7637a6786f2e47383c
  • httpd-filesystem-2.4.37-64.module_el8+2399+623e4f50.tuxcare.els6.noarch.rpm
    sha:ee2bb3507208bea2eeb1cf6f91ce2f6ebef2cf108f011dd578a2f16eb2b60dd7
  • httpd-manual-2.4.37-64.module_el8+2399+623e4f50.tuxcare.els6.noarch.rpm
    sha:0cf81d87ff44348200343cadb552aa4bef4063c92d4c98f8976d574115cd39c6
  • httpd-tools-2.4.37-64.module_el8+2399+623e4f50.tuxcare.els6.x86_64.rpm
    sha:398402914c527967a271b23e2d8aca274478ad625c16499a84dd5ea85f1186f0
  • mod_ldap-2.4.37-64.module_el8+2399+623e4f50.tuxcare.els6.x86_64.rpm
    sha:54206eebbcaff0f4c0ae07b4095a13fb0631ca5a3a6c5901bb8f22b0cc272ef0
  • mod_proxy_html-2.4.37-64.module_el8+2399+623e4f50.tuxcare.els6.x86_64.rpm
    sha:0a09f68d32aab93cf395febc045ab9137f587d30b8d88a132b1b071bb3e3b8e0
  • mod_session-2.4.37-64.module_el8+2399+623e4f50.tuxcare.els6.x86_64.rpm
    sha:e80b8819b3572ac9a947fbabaa22e30a8a1c3fb4dd4ea260b9befb7d41a90d5e
  • mod_ssl-2.4.37-64.module_el8+2399+623e4f50.tuxcare.els6.x86_64.rpm
    sha:4575eaa109996dfc4a650085248f2723f5d4720fd65a3282508c4283cff9e9d8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.