Release date:
2026-06-22 15:21:53 UTC
Description:
* SECURITY UPDATE: mod_xml2enc heap-based buffer overflow via xml2StartParse with untrusted content
- debian/patches/CVE-2026-42536.patch: mod_xml2enc heap-based buffer overflow via xml2StartParse with untrusted content
- CVE-2026-42536
* SECURITY UPDATE: mod_proxy_ftp cross-site scripting in HTML directory list generation
- debian/patches/CVE-2026-29170.patch: mod_proxy_ftp cross-site scripting in HTML directory list generation
- CVE-2026-29170
* SECURITY UPDATE: mod_ldap use-after-free in per-directory configuration
- debian/patches/CVE-2026-29167.patch: mod_ldap use-after-free in per-directory configuration
- CVE-2026-29167
* SECURITY UPDATE: mod_dav_fs path handling allows direct manipulation of trusted DAV property databases
- debian/patches/CVE-2026-42535.patch: mod_dav_fs path handling allows direct manipulation of trusted DAV property databases
- CVE-2026-42535
* SECURITY UPDATE: mod_proxy_html buffer overflow allowing attack by an untrusted backend
- debian/patches/CVE-2026-34355.patch: mod_proxy_html buffer overflow allowing attack by an untrusted backend
- CVE-2026-34355
Updated packages:
-
apache2_2.4.18-2ubuntu3.17+tuxcare.els20_amd64.deb
sha:052105df3626871dbffd7684afeac4cff5071553
-
apache2-bin_2.4.18-2ubuntu3.17+tuxcare.els20_amd64.deb
sha:abeca0b1dc3210f5b85837bf1172fb2acc4e8a89
-
apache2-data_2.4.18-2ubuntu3.17+tuxcare.els20_all.deb
sha:bdd994bbbceb8b26ce6411ed5c309ecb8a104e1b
-
apache2-dev_2.4.18-2ubuntu3.17+tuxcare.els20_amd64.deb
sha:7f7c6cd939e89031bb07624bf23042cd971ef167
-
apache2-doc_2.4.18-2ubuntu3.17+tuxcare.els20_all.deb
sha:7081e639f6c03cfbab3eb8c3f001bf0b401fc9dc
-
apache2-suexec-custom_2.4.18-2ubuntu3.17+tuxcare.els20_amd64.deb
sha:a216cc49073759403ac08a4334bdec7e9a8e08b6
-
apache2-suexec-pristine_2.4.18-2ubuntu3.17+tuxcare.els20_amd64.deb
sha:969fa0f9c1a587064959318f4e5761e8f025f883
-
apache2-utils_2.4.18-2ubuntu3.17+tuxcare.els20_amd64.deb
sha:fbb025eeac2360a3716f653c257998ac789daace
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.