[CLSA-2026:1782978404] httpd: Fix of 5 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-02 07:47:04 UTC
Description:
- CVE-2026-43951: fix mod_headers/mod_mime out-of-bounds read in merge_response_headers content-language iteration - CVE-2026-44119: fix improper privilege management allowing .htaccess authors to invoke file functions in restricted contexts - CVE-2026-44185: fix mod_ssl OCSP buffer over-read in ssl_util_ocsp send_request - CVE-2026-44186: fix mod_proxy_ftp infinite loop on crafted backend FTP response - CVE-2026-44631: fix ap_regname buffer underwrite via crafted named capture in configuration regex
Updated packages:
  • httpd-2.4.37-43.module_el8.5.0+2429+d3e3ecd8.tuxcare.els20.x86_64.rpm
    sha:2a24e1e6babe9e27fc1b0691e17637e9913b6879deb5277b929f706bb64ff9b7
  • httpd-devel-2.4.37-43.module_el8.5.0+2429+d3e3ecd8.tuxcare.els20.x86_64.rpm
    sha:29326c6ccfa4dd07a4041f725f07113ccc097661a053e47cabdd69c610b92c55
  • httpd-filesystem-2.4.37-43.module_el8.5.0+2429+d3e3ecd8.tuxcare.els20.noarch.rpm
    sha:b9519e1239fad74c4282dc8c9eb8833ca12efc7e37c5b45cba1e50a81e24efc4
  • httpd-manual-2.4.37-43.module_el8.5.0+2429+d3e3ecd8.tuxcare.els20.noarch.rpm
    sha:8db748d9d7224b556061848e86e0a44bf4afa024fbd7adc59b054ba3b77bf7d8
  • httpd-tools-2.4.37-43.module_el8.5.0+2429+d3e3ecd8.tuxcare.els20.x86_64.rpm
    sha:b0fa3d89d639b6068a37aca7fa73b0cdb5769c83fafd172751a93ea7541935ac
  • mod_ldap-2.4.37-43.module_el8.5.0+2429+d3e3ecd8.tuxcare.els20.x86_64.rpm
    sha:4b0527dfd2ab1819fa439fd49d549e46192a7ad414e40c9252084671309c3e5e
  • mod_proxy_html-2.4.37-43.module_el8.5.0+2429+d3e3ecd8.tuxcare.els20.x86_64.rpm
    sha:41ad479e890a17ec9006712b55759e803d6ba3b32e7507899af7f717aa3570c9
  • mod_session-2.4.37-43.module_el8.5.0+2429+d3e3ecd8.tuxcare.els20.x86_64.rpm
    sha:3b35d025834c4e33116e2467297664d2cff9eeda37d9598f1f0fa53b78aca67c
  • mod_ssl-2.4.37-43.module_el8.5.0+2429+d3e3ecd8.tuxcare.els20.x86_64.rpm
    sha:cba1c43d2339b6a2e0b208deb54338152ef67902ad84d87f2d7475e768dcd58c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.