[CLSA-2026:1782141694] Fix of 5 CVEs
Type:
security
Severity:
Critical
Release date:
2026-06-22 15:21:53 UTC
Description:
* SECURITY UPDATE: mod_xml2enc heap-based buffer overflow via xml2StartParse with untrusted content - debian/patches/CVE-2026-42536.patch: mod_xml2enc heap-based buffer overflow via xml2StartParse with untrusted content - CVE-2026-42536 * SECURITY UPDATE: mod_proxy_ftp cross-site scripting in HTML directory list generation - debian/patches/CVE-2026-29170.patch: mod_proxy_ftp cross-site scripting in HTML directory list generation - CVE-2026-29170 * SECURITY UPDATE: mod_ldap use-after-free in per-directory configuration - debian/patches/CVE-2026-29167.patch: mod_ldap use-after-free in per-directory configuration - CVE-2026-29167 * SECURITY UPDATE: mod_dav_fs path handling allows direct manipulation of trusted DAV property databases - debian/patches/CVE-2026-42535.patch: mod_dav_fs path handling allows direct manipulation of trusted DAV property databases - CVE-2026-42535 * SECURITY UPDATE: mod_proxy_html buffer overflow allowing attack by an untrusted backend - debian/patches/CVE-2026-34355.patch: mod_proxy_html buffer overflow allowing attack by an untrusted backend - CVE-2026-34355
Updated packages:
  • apache2_2.4.18-2ubuntu3.17+tuxcare.els20_amd64.deb
    sha:052105df3626871dbffd7684afeac4cff5071553
  • apache2-bin_2.4.18-2ubuntu3.17+tuxcare.els20_amd64.deb
    sha:abeca0b1dc3210f5b85837bf1172fb2acc4e8a89
  • apache2-data_2.4.18-2ubuntu3.17+tuxcare.els20_all.deb
    sha:bdd994bbbceb8b26ce6411ed5c309ecb8a104e1b
  • apache2-dev_2.4.18-2ubuntu3.17+tuxcare.els20_amd64.deb
    sha:7f7c6cd939e89031bb07624bf23042cd971ef167
  • apache2-doc_2.4.18-2ubuntu3.17+tuxcare.els20_all.deb
    sha:7081e639f6c03cfbab3eb8c3f001bf0b401fc9dc
  • apache2-suexec-custom_2.4.18-2ubuntu3.17+tuxcare.els20_amd64.deb
    sha:a216cc49073759403ac08a4334bdec7e9a8e08b6
  • apache2-suexec-pristine_2.4.18-2ubuntu3.17+tuxcare.els20_amd64.deb
    sha:969fa0f9c1a587064959318f4e5761e8f025f883
  • apache2-utils_2.4.18-2ubuntu3.17+tuxcare.els20_amd64.deb
    sha:fbb025eeac2360a3716f653c257998ac789daace
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.