Release date:
2026-07-02 08:18:17 UTC
Description:
- CVE-2026-43951: fix mod_headers/mod_mime out-of-bounds read in merge_response_headers content-language iteration
- CVE-2026-44119: fix improper privilege management allowing .htaccess authors to invoke file functions in restricted contexts
- CVE-2026-44185: fix mod_ssl OCSP buffer over-read in ssl_util_ocsp send_request
- CVE-2026-44186: fix mod_proxy_ftp infinite loop on crafted backend FTP response
- CVE-2026-44631: fix ap_regname buffer underwrite via crafted named capture in configuration regex
Updated packages:
-
httpd-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
sha:092c720205c4d822554c495452f9d8648439c8f3dedc4207858ce76d9cd62863
-
httpd-devel-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
sha:97a512216fe6abe031d72b9fadc8ec351519bc748fd927835c04502fc48539c3
-
httpd-filesystem-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.noarch.rpm
sha:f157b4ecf920b436997f98a162470d3983aeda05f19222e28481ce8a6a3c0ac7
-
httpd-manual-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.noarch.rpm
sha:d31bb0c2ac46142c15aa4a455ec145d9f0f069ff0b98b97fe527f7e827715731
-
httpd-tools-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
sha:c72921ec7c9269b93fcaa233da1b9f38cd177ffa0aac0711395671005c97015b
-
mod_ldap-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
sha:170ef5d3dd9e9770a10922848ae97f017ab34a9a6404d03f36d0cafe341e9d90
-
mod_proxy_html-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
sha:4e958bba6c3978be0d6f30d58be43fc8629af7ae6969880935c1171167cd7c79
-
mod_session-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
sha:771f03550218b3d45a6f4bfe725afc554e18d235d8955ffd613245a058877de6
-
mod_ssl-2.4.37-64.module_el8+2438+d0b58708.tuxcare.els8.x86_64.rpm
sha:ec586ee86bdddf07988ee74d0b5bde8d97e3db5e89edefc29fcc998d8c36c9a3
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.