[CLSA-2026:1778490923] httpd: Fix of 9 CVEs
Type:
security
Severity:
Important
Release date:
2026-05-11 09:15:28 UTC
Description:
- CVE-2026-33857: fix length checks in AJP msg_get functions - CVE-2026-34032: fix ajp_msg_get_string buffer checks - CVE-2026-34059: fix ajp_parse_data message len check - CVE-2026-24072: use AP_EXPR_FLAG_RESTRICTED in htaccess - CVE-2026-29169: mod_dav_lock: use the right dav_lock_discovery - CVE-2026-33006: mod_auth_digest: use apr_crypto_equals - CVE-2026-33007: mod_authn_socache: validate URL earlier - CVE-2026-33523: scan outgoing status line for newlines and controls - CVE-2026-28780: fix ajp_msg_check_header check
Updated packages:
  • httpd-2.4.62-4.el9_6.4.tuxcare.els4.x86_64.rpm
    sha:25c01d0d9ea4cd17680b5aebeebc5d5a75eac1388b32d0cd6fc200166e33b992
  • httpd-core-2.4.62-4.el9_6.4.tuxcare.els4.x86_64.rpm
    sha:0be3d16c96dc450148d85ee4a4d2dac5a7d3d0312e6935dc4b2a2aace845ad59
  • httpd-devel-2.4.62-4.el9_6.4.tuxcare.els4.x86_64.rpm
    sha:f99ca1cf936b5c68ca66b7f5a795e87a26b370cb0c72930afa0eafa56b308928
  • httpd-filesystem-2.4.62-4.el9_6.4.tuxcare.els4.noarch.rpm
    sha:aff0598ccb9f6f466b0c75220c975a6de3b645af3dd85d5b2ab34fca8efaad33
  • httpd-manual-2.4.62-4.el9_6.4.tuxcare.els4.noarch.rpm
    sha:b7fbf2066e8be9934173924ea3bc2309b830b7eb7dd7c0eb5f6ba6c9b8e9bf20
  • httpd-tools-2.4.62-4.el9_6.4.tuxcare.els4.x86_64.rpm
    sha:56354061cff5f28e748fabebe2a606a3eadc636a9aeb6146e3525f376d1fa2c0
  • mod_ldap-2.4.62-4.el9_6.4.tuxcare.els4.x86_64.rpm
    sha:5f731724feb804ba91ce0119fe1ae87eecf31e51e7fa62885fdc3a43df9d0884
  • mod_lua-2.4.62-4.el9_6.4.tuxcare.els4.x86_64.rpm
    sha:4e561c47ab4719f590bc78f491f4d6f810060602c6c76ef25890bc64b29fc8d6
  • mod_proxy_html-2.4.62-4.el9_6.4.tuxcare.els4.x86_64.rpm
    sha:4ffa4710359e03d239f76e86f696f5af181ed874b07d2048c6aa0a8621bd531e
  • mod_session-2.4.62-4.el9_6.4.tuxcare.els4.x86_64.rpm
    sha:3a5f8a2786962158b6554ddedca303d8c0ae3aee2c421e85319957f565f44978
  • mod_ssl-2.4.62-4.el9_6.4.tuxcare.els4.x86_64.rpm
    sha:eab22a326d9a74db0fb3b476b0067b86b2797302fa163ebb5fe15653453c7a5f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.