[CLSA-2026:1782293598] Fix CVE(s): CVE-2026-44119, CVE-2026-44185, CVE-2026-44186, CVE-2026-44631
Type:
security
Severity:
Important
Release date:
2026-06-24 09:33:40 UTC
Description:
* SECURITY UPDATE: mod_proxy_ftp infinite loop in Retry-After parsing - debian/patches/CVE-2026-44186.patch: advance secs_str in the digit-scan loop in modules/proxy/mod_proxy_ftp.c. - CVE-2026-44186 * SECURITY UPDATE: mod_ssl OCSP request corruption on short socket write - debian/patches/CVE-2026-44185.patch: advance the write buffer by the bytes actually sent (wlen) in modules/ssl/ssl_util_ocsp.c. - CVE-2026-44185 * SECURITY UPDATE: ap_regname unbounded capture-group allocation (DoS) - debian/patches/CVE-2026-44631.patch: read capture index bytes as unsigned and reject captures > 1024 in server/util_pcre.c, and treat a negative ap_regname() return as an error in server/core.c and modules/proxy/mod_proxy.c. - CVE-2026-44631 * SECURITY UPDATE: ap_expr file functions exposable from .htaccess - debian/patches/CVE-2026-44119.patch: restrict file functions/tests centrally in ap_expr_parse_cmd_mi() via a new AP_EXPR_FLAG_RESTRICTED_FILE_FUNC flag in include/ap_expr.h and server/util_expr_eval.c, dropping the per-module restriction in modules/mappers/mod_rewrite.c and modules/metadata/mod_setenvif.c. - CVE-2026-44119
Updated packages:
  • apache2_2.4.18-2ubuntu3.17+tuxcare.els22_amd64.deb
    sha:a1ddcdad9b3bf680a9e08b9ecbfe275a4d8434ea
  • apache2-bin_2.4.18-2ubuntu3.17+tuxcare.els22_amd64.deb
    sha:03529de79a6a5f235f2b5b50aca5ce34f81338ae
  • apache2-data_2.4.18-2ubuntu3.17+tuxcare.els22_all.deb
    sha:6d7a1a794c424a97d50a2421f4ef6d1b7b91bf12
  • apache2-dev_2.4.18-2ubuntu3.17+tuxcare.els22_amd64.deb
    sha:56c3cd92424e0c252b6fa338ea5e9599f4d9c12f
  • apache2-doc_2.4.18-2ubuntu3.17+tuxcare.els22_all.deb
    sha:97d676498cb3bf1a80e92da8c3e33a33fc46220c
  • apache2-suexec-custom_2.4.18-2ubuntu3.17+tuxcare.els22_amd64.deb
    sha:cf233e6869562168b4e973727821b85babf1cb94
  • apache2-suexec-pristine_2.4.18-2ubuntu3.17+tuxcare.els22_amd64.deb
    sha:67f39f17665cdd5cf3fc95f64f62aedcfb3b81fc
  • apache2-utils_2.4.18-2ubuntu3.17+tuxcare.els22_amd64.deb
    sha:f14f3e07a7e017b937790b0660226ad4fab42cfd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.