[CLSA-2026:1782299145] Fix CVE(s): CVE-2026-42536
Type:
security
Severity:
Critical
Release date:
2026-06-24 11:06:02 UTC
Description:
* SECURITY UPDATE: mod_xml2enc heap-based buffer overflow via xml2StartParse with untrusted content - debian/patches/CVE-2026-42536.patch: add the missing ctx->bblen -= (p-ctx->buf) accounting in fix_skipto() in modules/filters/mod_xml2enc.c so the bblen byte-length counter stays in sync with bytes when leading content is skipped, preventing a heap buffer overflow. Upstream fix cb1f79c0ce66393c48657b19df754f16b79af543 (SVN r1934971). - CVE-2026-42536
CVEs fixed:
Updated packages:
  • apache2_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
    sha:450ec14cafc4c6304bb5a424227e2f01cb938a92
  • apache2-bin_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
    sha:ecf10b5f82b35ec1138b4daff17ab24d7a87f452
  • apache2-data_2.4.41-4ubuntu3.23+tuxcare.els9_all.deb
    sha:85d115865ffc21aea9fbaaf0f8be53f60dd8a1a2
  • apache2-dev_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
    sha:ee5679871a390184de9c118173e72ecd72cad4db
  • apache2-doc_2.4.41-4ubuntu3.23+tuxcare.els9_all.deb
    sha:98cc572da4059b5d22ec10591b56889c39cbb68d
  • apache2-ssl-dev_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
    sha:b8c50f0b52e850573ae7efe5705c368735b47fef
  • apache2-suexec-custom_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
    sha:0f839f93456c2a1a352f4e368e63049cc3231a88
  • apache2-suexec-pristine_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
    sha:30b0455fca5e2665132cd0a4f76072343ed75ddc
  • apache2-utils_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
    sha:ba1aea7b9ac5a604fa6d074dbeadc5b084c3a8b1
  • libapache2-mod-md_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
    sha:6d788a919cb50c8898bd30fd88681037aee6f55f
  • libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.23+tuxcare.els9_amd64.deb
    sha:a24c3581a05715bef5ea1dfc5e5f39e3b7c70ad8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.