[CLSA-2026:1783529026] Fix CVE(s): CVE-2026-44631
Type:
security
Severity:
Important
Release date:
2026-07-08 16:44:03 UTC
Description:
* SECURITY UPDATE: buffer underwrite in ap_regname() regex capture handling - debian/patches/CVE-2026-44631.patch: cast the PCRE name-table bytes to unsigned char in ap_regname() so the capture group number cannot become negative, and reject capture numbers above 1024, in server/util_pcre.c; check the return value in the , , and section handlers in server/core.c and modules/proxy/mod_proxy.c - CVE-2026-44631
CVEs fixed:
Updated packages:
  • apache2_2.4.59-1~deb10u1+tuxcare.els10_amd64.deb
    sha:423f532f7492a0ec23384d469b988f68ff071d8b
  • apache2-bin_2.4.59-1~deb10u1+tuxcare.els10_amd64.deb
    sha:48abb05c0d6fc039a80c238bc66f5836052e49de
  • apache2-data_2.4.59-1~deb10u1+tuxcare.els10_all.deb
    sha:0c6aded390ea93ac1f1c6a416a47c9735b941534
  • apache2-dev_2.4.59-1~deb10u1+tuxcare.els10_amd64.deb
    sha:b0ceb40f384ef892cb48a500a3dec0c37d70a3fd
  • apache2-doc_2.4.59-1~deb10u1+tuxcare.els10_all.deb
    sha:b5238db4071b378af9c57bacd440adf598f042ed
  • apache2-ssl-dev_2.4.59-1~deb10u1+tuxcare.els10_amd64.deb
    sha:464f90b7e549193ac62656309a1f598a8b459589
  • apache2-suexec-custom_2.4.59-1~deb10u1+tuxcare.els10_amd64.deb
    sha:e2062ca09382f2a152f6a99f27b114c6c60be9c2
  • apache2-suexec-pristine_2.4.59-1~deb10u1+tuxcare.els10_amd64.deb
    sha:ff201986a39b95fe5ce08bc731acd22011763568
  • apache2-utils_2.4.59-1~deb10u1+tuxcare.els10_amd64.deb
    sha:40703a4bdda9f2cc4c913e3ac5272f68f89c754d
  • libapache2-mod-md_2.4.59-1~deb10u1+tuxcare.els10_amd64.deb
    sha:a988122d32f60869e01f9c4d2d34ee9ca5988706
  • libapache2-mod-proxy-uwsgi_2.4.59-1~deb10u1+tuxcare.els10_amd64.deb
    sha:2d41e934bf1f8af34a58c7d84b62fa864c3d831d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.