Release date:
2026-07-14 16:12:14 UTC
Description:
* SECURITY UPDATE: query string passed to SSI "#exec cmd" via mod_cgid
- debian/patches/CVE-2025-58098.patch: in cgid_server() in
modules/generators/mod_cgid.c, do not pass the request query string
(r->args) to create_argv() for Server Side Includes requests by
passing NULL when cgid_req.req_type == SSI_REQ, and add a NULL guard
to create_argv() so a shell-escaped query string can no longer be
split into extra arguments of an SSI "#exec cmd" command. Backported
from httpd commit ecc1b8f3817e3dcab9c1f24f905752d3c0a279af
(SVN r1930161).
- CVE-2025-58098
* SECURITY UPDATE: log injection via unescaped mod_ssl log variables
- debian/patches/CVE-2024-47252.patch: in ssl_var_log_handler_c() and
ssl_var_log_handler_x() in modules/ssl/ssl_engine_vars.c, escape the
SSL/TLS variables returned by these mod_ssl log handlers with
ap_escape_logitem() so client-supplied values such as SSL_TLS_SNI
logged via "%{varname}c"/"%{varname}x" can no longer insert escape
characters into log files. Backported from httpd commit
c01e60707048be14a510f0a92128a5227923215c (SVN r1927042).
- CVE-2024-47252
Updated packages:
-
apache2_2.4.41-4ubuntu3.23+tuxcare.els12_amd64.deb
sha:e944279ec50035aec3475a6ca6d48467c216bb75
-
apache2-bin_2.4.41-4ubuntu3.23+tuxcare.els12_amd64.deb
sha:5707bd0664e8d508fbc652ee6586078dfa4b90d0
-
apache2-data_2.4.41-4ubuntu3.23+tuxcare.els12_all.deb
sha:2a41b524ce6b1a9c1b3a6b5ceb0d61c0b2a93c95
-
apache2-dev_2.4.41-4ubuntu3.23+tuxcare.els12_amd64.deb
sha:0a0b7f36689e834f81f6882536614e5fe9b3f24f
-
apache2-doc_2.4.41-4ubuntu3.23+tuxcare.els12_all.deb
sha:01b62f54ebdf4665165c2a39fec7e89a18ed0294
-
apache2-ssl-dev_2.4.41-4ubuntu3.23+tuxcare.els12_amd64.deb
sha:8e2263ac669f71533b8608456e67a294abb3c951
-
apache2-suexec-custom_2.4.41-4ubuntu3.23+tuxcare.els12_amd64.deb
sha:e4bd457e2dfade15ad410804b388cb9f7c175c07
-
apache2-suexec-pristine_2.4.41-4ubuntu3.23+tuxcare.els12_amd64.deb
sha:1e734497e0d2a09cfe7cab3c63e3f8c15c251ae9
-
apache2-utils_2.4.41-4ubuntu3.23+tuxcare.els12_amd64.deb
sha:2e29a605e35698ca38ed13804b898ca8ecf4b0c4
-
libapache2-mod-md_2.4.41-4ubuntu3.23+tuxcare.els12_amd64.deb
sha:842a4a794236edf942379af907cf6ef6b83d0836
-
libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.23+tuxcare.els12_amd64.deb
sha:72a4243041b77e8b550ce41bdcd709866a7a1833
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.