[CLSA-2026:1784018824] Fix CVE(s): CVE-2024-39573, CVE-2025-58098
Type:
security
Severity:
Important
Release date:
2026-07-14 08:47:21 UTC
Description:
* SECURITY UPDATE: potential SSRF via unsafe mod_rewrite substitution - debian/patches/CVE-2024-39573.patch: re-add the stripped per-directory prefix (or an implicit '/') to the substituted URI before it can be mistaken for a scheme:// proxy URL, in modules/mappers/mod_rewrite.c. - CVE-2024-39573 * SECURITY UPDATE: SSI #exec cmd query string passed to shell via mod_cgid - debian/patches/CVE-2025-58098.patch: do not pass r->args to create_argv() for SSI requests in modules/generators/mod_cgid.c. - CVE-2025-58098
Updated packages:
  • apache2_2.4.18-2ubuntu3.17+tuxcare.els23_amd64.deb
    sha:76e6af586609dca4dfd093cfa2f1120dc48010cb
  • apache2-bin_2.4.18-2ubuntu3.17+tuxcare.els23_amd64.deb
    sha:4442c7032781a920030b2ae133cfb8f7559f6383
  • apache2-data_2.4.18-2ubuntu3.17+tuxcare.els23_all.deb
    sha:76e1a407b61544a056269584d33061e77bf1bfce
  • apache2-dev_2.4.18-2ubuntu3.17+tuxcare.els23_amd64.deb
    sha:1b18a85bbda70ebd33c0df7ba61edb72f808aff9
  • apache2-doc_2.4.18-2ubuntu3.17+tuxcare.els23_all.deb
    sha:4a214a01763d718e773b2412713e3964bd02e71c
  • apache2-suexec-custom_2.4.18-2ubuntu3.17+tuxcare.els23_amd64.deb
    sha:034c48f996228d1695650215af591da78a9895ff
  • apache2-suexec-pristine_2.4.18-2ubuntu3.17+tuxcare.els23_amd64.deb
    sha:e38bce306ac86cfefcf24306706bcf99d29662df
  • apache2-utils_2.4.18-2ubuntu3.17+tuxcare.els23_amd64.deb
    sha:a34bc4917842bca51d2c58bb27ac7698a3cc67bb
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.