Release date:
2026-07-02 08:23:59 UTC
Description:
- CVE-2026-43951: fix http_filters out-of-bounds read in merge_response_headers
language iteration
- CVE-2026-44119: restrict ap_expr per-directory file functions centrally
- CVE-2026-44185: fix mod_ssl OCSP send_request buffer over-read
- CVE-2026-44186: fix mod_proxy_ftp infinite loop in FTP response iteration
- CVE-2026-44631: fix util_pcre ap_regname buffer underwrite via crafted regex
captures
Updated packages:
-
httpd-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
sha:204dfa84d66e851ff5cd24acb6d32ef8fdf99c052729a99248676e367386235f
-
httpd-devel-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
sha:ec8dc5892cf421bb0319c2696235a2d3e7be5486a7862ca48a4ff2df96aeabfa
-
httpd-filesystem-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.noarch.rpm
sha:e6c0b3e3cd462f7cf355553a06adc9f1fc5db9b351c0b53761389f1a9d4287e1
-
httpd-manual-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.noarch.rpm
sha:0c14b1f86f2e8aed11ecbdd036621e2df19fbf7b199ff92b8177cf3ee0ad7b87
-
httpd-tools-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
sha:433dff055c5aff6d55dbae1299ed3d971e80aa29d418593b7674b448ddc65df3
-
mod_ldap-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
sha:ce5730771bb487ca265e4a0dcc962a2ced545b439e75178eeb26052b83dd89ab
-
mod_proxy_html-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
sha:e00d4ceba5cd0caf6e79a1d4996fbbf205d3466925c3dd2324fc77f27a70dc31
-
mod_session-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
sha:7ddec402af5f88d89f1f61ef6c60e734f801203da15ebe79fd80d515cbc6dabb
-
mod_ssl-2.4.37-39.module_el8.4.0+2439+df3a5201.1.tuxcare.els21.x86_64.rpm
sha:907feeea56607e2b5211647dae8e4cd24c545137f63ed641bc998f06a74a1660
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.