[CLSA-2026:1784038645] Fix CVE(s): CVE-2024-39573, CVE-2025-58098
Type:
security
Severity:
Important
Release date:
2026-07-14 14:17:42 UTC
Description:
* SECURITY UPDATE: potential SSRF via unsafe mod_rewrite substitution - debian/patches/CVE-2024-39573.patch: re-add the stripped per-directory prefix (or an implicit '/') to the substituted URI before it can be mistaken for a scheme:// proxy URL, in modules/mappers/mod_rewrite.c. - CVE-2024-39573 * SECURITY UPDATE: SSI #exec cmd query string passed to shell via mod_cgid - debian/patches/CVE-2025-58098.patch: do not pass r->args to create_argv() for SSI requests in modules/generators/mod_cgid.c. - CVE-2025-58098
Updated packages:
  • apache2_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
    sha:563a1fba2b5b98913fdc9996ec52a81d7e574405
  • apache2-bin_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
    sha:f7a4f346fc67066ad239ede7ef7e56d085447ee7
  • apache2-data_2.4.29-1ubuntu4.27+tuxcare.els14_all.deb
    sha:dc2ea0a18043874c7f63dd2e35082a677e26eed0
  • apache2-dev_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
    sha:b1d1e971c4bf959947df0e6990dce225b1ce9571
  • apache2-doc_2.4.29-1ubuntu4.27+tuxcare.els14_all.deb
    sha:f759800a9099eed1f2e8d2b3a3e69a9a4547a53e
  • apache2-ssl-dev_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
    sha:1cc5d24cb07d7a99e7586fd64946d158f472f153
  • apache2-suexec-custom_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
    sha:fb0d4eaac525b3ac5ca95d559795186fd02e53a0
  • apache2-suexec-pristine_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
    sha:e6a88354ab50c435e71940c71acfd749d070d2f8
  • apache2-utils_2.4.29-1ubuntu4.27+tuxcare.els14_amd64.deb
    sha:8e4601a3a899eaccf638af1d2ac9aa842a83003a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.