Release date:
2026-05-11 22:15:05 UTC
Description:
- CVE-2026-29169: mod_dav_lock: use the right dav_lock_discovery (refresh lock metadata mismatch)
- CVE-2026-33857: mod_proxy_ajp: fix length checks in AJP msg_get functions
- CVE-2026-34032: mod_proxy_ajp: fix ajp_msg_get_string buffer checks
- CVE-2026-34059: mod_proxy_ajp: fix ajp_parse_data message length check
- CVE-2026-33523: scan outgoing status line for newlines and control characters
- CVE-2026-33007: mod_authn_socache: validate URL earlier
- CVE-2026-33006: mod_auth_digest: tighten input validation and use constant-time comparison
- CVE-2026-24072: mod_rewrite, mod_setenvif: use AP_EXPR_FLAG_RESTRICTED in htaccess context
Updated packages:
-
httpd-2.4.6-99.el7.1.tuxcare.els12.x86_64.rpm
sha:fa03d9417438ae0e642f9deebb86f9d8623654c995725ea3e47029cb218eea75
-
httpd-devel-2.4.6-99.el7.1.tuxcare.els12.x86_64.rpm
sha:de6432e1dd71506aeaeee20b8e4aaf100c25e235f9f3af5a4c825aed6b044c32
-
httpd-manual-2.4.6-99.el7.1.tuxcare.els12.noarch.rpm
sha:14be0ec805b0539c1ab1768c911ce4878cff02bd7e1428cba27db4efda2084a5
-
httpd-tools-2.4.6-99.el7.1.tuxcare.els12.x86_64.rpm
sha:3a949a0f5331ee138c2a105ca345dd39db32b76d024959a9b3835585db0dc9f0
-
mod_ldap-2.4.6-99.el7.1.tuxcare.els12.x86_64.rpm
sha:7d63f76c3c6e308382c1be42c83290dc5e23461863a7a66b2f58a02a7a6bb8b9
-
mod_proxy_html-2.4.6-99.el7.1.tuxcare.els12.x86_64.rpm
sha:f409ab4d9c8733462ee0da8d64b0551a6a2a05fe0ba7718342c379bd5cdc79ab
-
mod_session-2.4.6-99.el7.1.tuxcare.els12.x86_64.rpm
sha:f3944317fa26f68fb54550f427d39cf554be794f836b3fecf713734d93e8afd1
-
mod_ssl-2.4.6-99.el7.1.tuxcare.els12.x86_64.rpm
sha:0f26abba27a7e8d07a12671a94cab761c1024dfa9eeb49cf9879b8ba6ffb5503
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
