Release date:
2026-07-14 14:17:42 UTC
Description:
* SECURITY UPDATE: potential SSRF via unsafe mod_rewrite substitution
- debian/patches/CVE-2024-39573.patch: re-add the stripped per-directory
prefix (or an implicit '/') to the substituted URI before it can be
mistaken for a scheme:// proxy URL, in modules/mappers/mod_rewrite.c.
- CVE-2024-39573
* SECURITY UPDATE: SSI #exec cmd query string passed to shell via mod_cgid
- debian/patches/CVE-2025-58098.patch: do not pass r->args to create_argv()
for SSI requests in modules/generators/mod_cgid.c.
- CVE-2025-58098
Updated packages:
-
apache2_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
sha:563a1fba2b5b98913fdc9996ec52a81d7e574405
-
apache2-bin_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
sha:f7a4f346fc67066ad239ede7ef7e56d085447ee7
-
apache2-data_2.4.29-1ubuntu4.27+tuxcare.els14_all.deb
sha:dc2ea0a18043874c7f63dd2e35082a677e26eed0
-
apache2-dev_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
sha:b1d1e971c4bf959947df0e6990dce225b1ce9571
-
apache2-doc_2.4.29-1ubuntu4.27+tuxcare.els14_all.deb
sha:f759800a9099eed1f2e8d2b3a3e69a9a4547a53e
-
apache2-ssl-dev_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
sha:1cc5d24cb07d7a99e7586fd64946d158f472f153
-
apache2-suexec-custom_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
sha:fb0d4eaac525b3ac5ca95d559795186fd02e53a0
-
apache2-suexec-pristine_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
sha:e6a88354ab50c435e71940c71acfd749d070d2f8
-
apache2-utils_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
sha:8e4601a3a899eaccf638af1d2ac9aa842a83003a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.