Release date:
2026-05-06 22:40:15 UTC
Description:
* SECURITY UPDATE: double free / possible RCE in mod_http2 stream purge
- debian/patches/CVE-2026-23918.patch: deduplicate inserts into the
spurge array in modules/http2/h2_mplx.c via a new add_for_purge()
helper to prevent the same h2_stream from being freed twice.
- CVE-2026-23918
Updated packages:
-
apache2_2.4.59-1~deb10u1+tuxcare.els4_amd64.deb
sha:7cc3c377a164f7878812b88069f0f601d2b8d466
-
apache2-bin_2.4.59-1~deb10u1+tuxcare.els4_amd64.deb
sha:db3fd8266ee32f605432e751469633db2138b8e3
-
apache2-data_2.4.59-1~deb10u1+tuxcare.els4_all.deb
sha:80d46bbbfac67926ec0eca290b9e1df12789dc37
-
apache2-dev_2.4.59-1~deb10u1+tuxcare.els4_amd64.deb
sha:6d2992163a21ec040124f9f72ee9c4f822ba7344
-
apache2-doc_2.4.59-1~deb10u1+tuxcare.els4_all.deb
sha:745f9b8718a3e058bbdea73ceae586f700925568
-
apache2-ssl-dev_2.4.59-1~deb10u1+tuxcare.els4_amd64.deb
sha:b7f648377007a74759d2ffa0ad8ef8214ed94324
-
apache2-suexec-custom_2.4.59-1~deb10u1+tuxcare.els4_amd64.deb
sha:b7b185ad2f8f7ef5f805c9e8dbcd6b0dcbc96821
-
apache2-suexec-pristine_2.4.59-1~deb10u1+tuxcare.els4_amd64.deb
sha:cc9fefd9ce7e7439befeff8692bdd9ffb830fdfd
-
apache2-utils_2.4.59-1~deb10u1+tuxcare.els4_amd64.deb
sha:161e6bd9b19c04f323fa41a5ce84452496796e11
-
libapache2-mod-md_2.4.59-1~deb10u1+tuxcare.els4_amd64.deb
sha:4f88154f5bae41d9a20a43f5e2ed59bab0b25cb3
-
libapache2-mod-proxy-uwsgi_2.4.59-1~deb10u1+tuxcare.els4_amd64.deb
sha:4e62c8f2fc9f3fe74a6d3b2b58cd9c4ba890e6a6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
