Release date:
2026-06-24 11:06:02 UTC
Description:
* SECURITY UPDATE: mod_xml2enc heap-based buffer overflow via xml2StartParse
with untrusted content
- debian/patches/CVE-2026-42536.patch: add the missing
ctx->bblen -= (p-ctx->buf) accounting in fix_skipto() in
modules/filters/mod_xml2enc.c so the bblen byte-length counter stays in
sync with bytes when leading content is skipped, preventing a heap
buffer overflow. Upstream fix
cb1f79c0ce66393c48657b19df754f16b79af543 (SVN r1934971).
- CVE-2026-42536
Updated packages:
-
apache2_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
sha:450ec14cafc4c6304bb5a424227e2f01cb938a92
-
apache2-bin_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
sha:ecf10b5f82b35ec1138b4daff17ab24d7a87f452
-
apache2-data_2.4.41-4ubuntu3.23+tuxcare.els9_all.deb
sha:85d115865ffc21aea9fbaaf0f8be53f60dd8a1a2
-
apache2-dev_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
sha:ee5679871a390184de9c118173e72ecd72cad4db
-
apache2-doc_2.4.41-4ubuntu3.23+tuxcare.els9_all.deb
sha:98cc572da4059b5d22ec10591b56889c39cbb68d
-
apache2-ssl-dev_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
sha:b8c50f0b52e850573ae7efe5705c368735b47fef
-
apache2-suexec-custom_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
sha:0f839f93456c2a1a352f4e368e63049cc3231a88
-
apache2-suexec-pristine_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
sha:30b0455fca5e2665132cd0a4f76072343ed75ddc
-
apache2-utils_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
sha:ba1aea7b9ac5a604fa6d074dbeadc5b084c3a8b1
-
libapache2-mod-md_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
sha:6d788a919cb50c8898bd30fd88681037aee6f55f
-
libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
sha:a24c3581a05715bef5ea1dfc5e5f39e3b7c70ad8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.