[CLSA-2026:1782293864] Fix CVE(s): CVE-2026-44631
Type:
security
Severity:
Important
Release date:
2026-06-24 09:38:02 UTC
Description:
* SECURITY UPDATE: buffer underwrite in ap_regname() via crafted regular expressions in the configuration - debian/patches/CVE-2026-44631.patch: cast the PCRE name-table capture index bytes to unsigned char in ap_regname() in server/util_pcre.c so a high bit no longer sign-extends the capture index to a negative value, and reject capture group numbers above 1024 by returning an error that the // and configuration handlers in server/core.c and modules/proxy/mod_proxy.c now check, preventing a buffer underwrite. Upstream fix 7d9f3cfb10b0fe70df7358d26d7b1f374ea1a0cb (SVN r1935015). - CVE-2026-44631
CVEs fixed:
Updated packages:
  • apache2_2.4.41-4ubuntu3.23+tuxcare.els10_amd64.deb
    sha:3d27548d76cc66b904add7c3c039a27d90c026cf
  • apache2-bin_2.4.41-4ubuntu3.23+tuxcare.els10_amd64.deb
    sha:524e5c27c43785ebecea37ce77f3578462445341
  • apache2-data_2.4.41-4ubuntu3.23+tuxcare.els10_all.deb
    sha:bee3c935c5738d5832d48eda8739128e09cb618e
  • apache2-dev_2.4.41-4ubuntu3.23+tuxcare.els10_amd64.deb
    sha:48a8c8e61478bf9fa12923f6b50cc42ec08d68a2
  • apache2-doc_2.4.41-4ubuntu3.23+tuxcare.els10_all.deb
    sha:a9738138bcaa4b810268bdea523318ad4c524483
  • apache2-ssl-dev_2.4.41-4ubuntu3.23+tuxcare.els10_amd64.deb
    sha:a78fbf07946912311d6113f09226105a5cc65549
  • apache2-suexec-custom_2.4.41-4ubuntu3.23+tuxcare.els10_amd64.deb
    sha:13278be099665af10bbfa316ea549b7212e5e88b
  • apache2-suexec-pristine_2.4.41-4ubuntu3.23+tuxcare.els10_amd64.deb
    sha:501d0065c0cafd81159d29a9fcba2127a14c43e3
  • apache2-utils_2.4.41-4ubuntu3.23+tuxcare.els10_amd64.deb
    sha:f656c3b699298a9c14bda51217d7252b9b5407ac
  • libapache2-mod-md_2.4.41-4ubuntu3.23+tuxcare.els10_amd64.deb
    sha:dfcdbeb115dc6581da9c258e1687f619a3d11f4e
  • libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.23+tuxcare.els10_amd64.deb
    sha:b9be9dccae0766f94688612ee17da855003cbb2b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.