[CLSA-2026:1782980275] httpd: Fix of 5 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-02 08:18:17 UTC
Description:
- CVE-2026-43951: fix mod_headers/mod_mime out-of-bounds read in merge_response_headers content-language iteration - CVE-2026-44119: fix improper privilege management allowing .htaccess authors to invoke file functions in restricted contexts - CVE-2026-44185: fix mod_ssl OCSP buffer over-read in ssl_util_ocsp send_request - CVE-2026-44186: fix mod_proxy_ftp infinite loop on crafted backend FTP response - CVE-2026-44631: fix ap_regname buffer underwrite via crafted named capture in configuration regex
Updated packages:
  • httpd-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
    sha:092c720205c4d822554c495452f9d8648439c8f3dedc4207858ce76d9cd62863
  • httpd-devel-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
    sha:97a512216fe6abe031d72b9fadc8ec351519bc748fd927835c04502fc48539c3
  • httpd-filesystem-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.noarch.rpm
    sha:f157b4ecf920b436997f98a162470d3983aeda05f19222e28481ce8a6a3c0ac7
  • httpd-manual-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.noarch.rpm
    sha:d31bb0c2ac46142c15aa4a455ec145d9f0f069ff0b98b97fe527f7e827715731
  • httpd-tools-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
    sha:c72921ec7c9269b93fcaa233da1b9f38cd177ffa0aac0711395671005c97015b
  • mod_ldap-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
    sha:170ef5d3dd9e9770a10922848ae97f017ab34a9a6404d03f36d0cafe341e9d90
  • mod_proxy_html-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
    sha:4e958bba6c3978be0d6f30d58be43fc8629af7ae6969880935c1171167cd7c79
  • mod_session-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
    sha:771f03550218b3d45a6f4bfe725afc554e18d235d8955ffd613245a058877de6
  • mod_ssl-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
    sha:ec586ee86bdddf07988ee74d0b5bde8d97e3db5e89edefc29fcc998d8c36c9a3
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.