Release date:
2026-07-14 08:47:21 UTC
Description:
* SECURITY UPDATE: potential SSRF via unsafe mod_rewrite substitution
- debian/patches/CVE-2024-39573.patch: re-add the stripped per-directory
prefix (or an implicit '/') to the substituted URI before it can be
mistaken for a scheme:// proxy URL, in modules/mappers/mod_rewrite.c.
- CVE-2024-39573
* SECURITY UPDATE: SSI #exec cmd query string passed to shell via mod_cgid
- debian/patches/CVE-2025-58098.patch: do not pass r->args to create_argv()
for SSI requests in modules/generators/mod_cgid.c.
- CVE-2025-58098
Updated packages:
-
apache2_2.4.18-2ubuntu3.17+tuxcare.els23_amd64.deb
sha:76e6af586609dca4dfd093cfa2f1120dc48010cb
-
apache2-bin_2.4.18-2ubuntu3.17+tuxcare.els23_amd64.deb
sha:4442c7032781a920030b2ae133cfb8f7559f6383
-
apache2-data_2.4.18-2ubuntu3.17+tuxcare.els23_all.deb
sha:76e1a407b61544a056269584d33061e77bf1bfce
-
apache2-dev_2.4.18-2ubuntu3.17+tuxcare.els23_amd64.deb
sha:1b18a85bbda70ebd33c0df7ba61edb72f808aff9
-
apache2-doc_2.4.18-2ubuntu3.17+tuxcare.els23_all.deb
sha:4a214a01763d718e773b2412713e3964bd02e71c
-
apache2-suexec-custom_2.4.18-2ubuntu3.17+tuxcare.els23_amd64.deb
sha:034c48f996228d1695650215af591da78a9895ff
-
apache2-suexec-pristine_2.4.18-2ubuntu3.17+tuxcare.els23_amd64.deb
sha:e38bce306ac86cfefcf24306706bcf99d29662df
-
apache2-utils_2.4.18-2ubuntu3.17+tuxcare.els23_amd64.deb
sha:a34bc4917842bca51d2c58bb27ac7698a3cc67bb
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.