[CLSA-2026:1782212784] httpd: Fix of CVE-2026-44631
Type:
security
Severity:
Important
Release date:
2026-06-23 11:06:39 UTC
Description:
- CVE-2026-44631: fix buffer underwrite in ap_regname() caused by signed char regex capture-name offsets producing negative capture indices and corrupting memory; cast the name-table offset bytes to unsigned char and reject unreasonably large capture group numbers
CVEs fixed:
Updated packages:
  • httpd-2.4.53-11.el9_2.5.tuxcare.els20.x86_64.rpm
    sha:1ab5c3c20b518019456bd484d51ea2217a4fa374ad9332a4ac4c38d8a8983f13
  • httpd-core-2.4.53-11.el9_2.5.tuxcare.els20.x86_64.rpm
    sha:5a7a174b3479fafb04ae0e60d15e0894efe841bd9438e343e158d72feef90443
  • httpd-devel-2.4.53-11.el9_2.5.tuxcare.els20.x86_64.rpm
    sha:9f31c0f6289c8b61a58f49d3373467b256723337c44189a0b7915d62044525be
  • httpd-filesystem-2.4.53-11.el9_2.5.tuxcare.els20.noarch.rpm
    sha:be529aa02c3be2cb3c8956679ade3b79d799cf696c055b9acb97eec6bc734bf6
  • httpd-manual-2.4.53-11.el9_2.5.tuxcare.els20.noarch.rpm
    sha:ba977bdda9178c1732b26c2834c3c5dbc7672daaf59a80ba12bec91f4b8166a0
  • httpd-tools-2.4.53-11.el9_2.5.tuxcare.els20.x86_64.rpm
    sha:12b0892de20947acf2ff5a5dbb44a0d79078ddd234dbaad4fb09be7ec6d5466f
  • mod_ldap-2.4.53-11.el9_2.5.tuxcare.els20.x86_64.rpm
    sha:cec2a1cb3b3599d6f7468e66b03374236763a92aa95e3d3b4d2a6997b3e49709
  • mod_lua-2.4.53-11.el9_2.5.tuxcare.els20.x86_64.rpm
    sha:ed35550cc259c0afb3fafb9626793e4a7193a3a55510c7071d5f56d7e7d58fdb
  • mod_proxy_html-2.4.53-11.el9_2.5.tuxcare.els20.x86_64.rpm
    sha:2d300d5d99a43fa169a8a3dc7ad4dc6b75f58da6192991a58e8bf9978b5cadc0
  • mod_session-2.4.53-11.el9_2.5.tuxcare.els20.x86_64.rpm
    sha:16c17decf1a1d08fb55f5ccfdbd827853c11d64ab9bfe83335c47c3cdf6eacd3
  • mod_ssl-2.4.53-11.el9_2.5.tuxcare.els20.x86_64.rpm
    sha:8e21d80416bcaa6952e31b0558aac1b86b48b35856a10189d06f8872e3bfbe63
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.