[CLSA-2026:1782209860] httpd: Fix of CVE-2026-43951
Type:
security
Severity:
Moderate
Release date:
2026-06-23 10:17:57 UTC
Description:
- CVE-2026-43951: fix Content-Language array iteration in merge_response_headers (modules/http/http_filters.c) and create_response (modules/http2/h2_c2_filter.c); the http2 hunk is inert in this --disable-http2 build and is kept for upstream fidelity
CVEs fixed:
Updated packages:
  • httpd-2.4.62-4.el9_6.4.tuxcare.els11.x86_64.rpm
    sha:2c5a581c7ae8d2aa49c88ae90cc9fb2e7a4a3b690a1e96597dfc37ea3bd5cea8
  • httpd-core-2.4.62-4.el9_6.4.tuxcare.els11.x86_64.rpm
    sha:eb896df72bc6c8ec6a6eabe2aa6fc4fec82c97dbdd97d2961a4022bdae39717d
  • httpd-devel-2.4.62-4.el9_6.4.tuxcare.els11.x86_64.rpm
    sha:b1d67738c8e11e6ffc4a1fe9c812b14958ab989441fee209fe48f8b5c740c4a2
  • httpd-filesystem-2.4.62-4.el9_6.4.tuxcare.els11.noarch.rpm
    sha:030d22a7e39804d06386dd5de7bc7dc499587f18bff5bcbfb1a5ed1248f49194
  • httpd-manual-2.4.62-4.el9_6.4.tuxcare.els11.noarch.rpm
    sha:e3db2154a44a9ad114436a009858131760951581396eb74bfaa64704797fb937
  • httpd-tools-2.4.62-4.el9_6.4.tuxcare.els11.x86_64.rpm
    sha:a39d5c4f43d61731c584ecdc712e0d204cbfb4414399334d0cd130349635fc52
  • mod_ldap-2.4.62-4.el9_6.4.tuxcare.els11.x86_64.rpm
    sha:456c0dc48e9821c3e08bd81a9794ed9774a994b8990bc78c62b6a2c8b5f10500
  • mod_lua-2.4.62-4.el9_6.4.tuxcare.els11.x86_64.rpm
    sha:8c7b959166c0ee6d53d2afad92e3593a6dbd638ecfbd110dfd6965c89bc63b87
  • mod_proxy_html-2.4.62-4.el9_6.4.tuxcare.els11.x86_64.rpm
    sha:d01e6ea43b9521a63aa06369fe6fbf3258a0b09784a391e638198159946bbaaa
  • mod_session-2.4.62-4.el9_6.4.tuxcare.els11.x86_64.rpm
    sha:c6fc34bec42bfd6306e41e198aa1a45f909d294bffbbb418d31f6871f050f7e0
  • mod_ssl-2.4.62-4.el9_6.4.tuxcare.els11.x86_64.rpm
    sha:51ca99f01107c713bebface00b1970600a070df1f9f7af5c99eb5590f13e5d9d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.