[CLSA-2026:1782980618] httpd: Fix of 5 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-02 08:23:59 UTC
Description:
- CVE-2026-43951: fix http_filters out-of-bounds read in merge_response_headers language iteration - CVE-2026-44119: restrict ap_expr per-directory file functions centrally - CVE-2026-44185: fix mod_ssl OCSP send_request buffer over-read - CVE-2026-44186: fix mod_proxy_ftp infinite loop in FTP response iteration - CVE-2026-44631: fix util_pcre ap_regname buffer underwrite via crafted regex captures
Updated packages:
  • httpd-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
    sha:204dfa84d66e851ff5cd24acb6d32ef8fdf99c052729a99248676e367386235f
  • httpd-devel-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
    sha:ec8dc5892cf421bb0319c2696235a2d3e7be5486a7862ca48a4ff2df96aeabfa
  • httpd-filesystem-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.noarch.rpm
    sha:e6c0b3e3cd462f7cf355553a06adc9f1fc5db9b351c0b53761389f1a9d4287e1
  • httpd-manual-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.noarch.rpm
    sha:0c14b1f86f2e8aed11ecbdd036621e2df19fbf7b199ff92b8177cf3ee0ad7b87
  • httpd-tools-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
    sha:433dff055c5aff6d55dbae1299ed3d971e80aa29d418593b7674b448ddc65df3
  • mod_ldap-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
    sha:ce5730771bb487ca265e4a0dcc962a2ced545b439e75178eeb26052b83dd89ab
  • mod_proxy_html-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
    sha:e00d4ceba5cd0caf6e79a1d4996fbbf205d3466925c3dd2324fc77f27a70dc31
  • mod_session-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
    sha:7ddec402af5f88d89f1f61ef6c60e734f801203da15ebe79fd80d515cbc6dabb
  • mod_ssl-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
    sha:907feeea56607e2b5211647dae8e4cd24c545137f63ed641bc998f06a74a1660
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.