Release date:
2026-06-11 20:36:22 UTC
Description:
- CVE-2026-29167: fix mod_ldap use-after-free with per-directory LDAP config
- CVE-2026-29170: fix mod_proxy_ftp XSS in generated FTP directory listings
- CVE-2026-34355: fix mod_proxy_html buffer overflow via ap_varbuf API migration
- CVE-2026-34356: fix mod_proxy heap buffer overflow in ProxyPassReverseCookie* handling
- CVE-2026-42535: fix mod_dav_fs path handling allowing manipulation of DAV property databases
- CVE-2026-42536: fix mod_xml2enc heap buffer overflow in xml2StartParse accounting
Updated packages:
-
httpd-2.4.37-64.module_el8+2422+07117e8f.tuxcare.els7.x86_64.rpm
sha:251a8f7ceb6b5efa2d0bae5fc02e153bc569898334cfe3edbbd70b93beca7f15
-
httpd-devel-2.4.37-64.module_el8+2422+07117e8f.tuxcare.els7.x86_64.rpm
sha:221e6be5fedd118db419372e838a35b3b3f7f1d71982096a89d5fbf14fa753dc
-
httpd-filesystem-2.4.37-64.module_el8+2422+07117e8f.tuxcare.els7.noarch.rpm
sha:0f79cee8f3d1e70fcab9efc380599fda2f24dab12ec18be4b7f9cf763f32bd08
-
httpd-manual-2.4.37-64.module_el8+2422+07117e8f.tuxcare.els7.noarch.rpm
sha:1223125299a87bb3704283a4aba3793643a79d4e6c20e10f9ca10a6238940aa1
-
httpd-tools-2.4.37-64.module_el8+2422+07117e8f.tuxcare.els7.x86_64.rpm
sha:9950cc71fdea5ea4a42b2c61a426b2d61d3950e1a9b022514a1bff8065aa78a7
-
mod_ldap-2.4.37-64.module_el8+2422+07117e8f.tuxcare.els7.x86_64.rpm
sha:c35e2bffa7f41096deb99ce728a8a00e801e7ea3ad71a269e3e9a6a681f53f15
-
mod_proxy_html-2.4.37-64.module_el8+2422+07117e8f.tuxcare.els7.x86_64.rpm
sha:2319c963e96cb8c9d0023ba52ebc5b79fcd9617404b453e9243c22d80ba6bb60
-
mod_session-2.4.37-64.module_el8+2422+07117e8f.tuxcare.els7.x86_64.rpm
sha:4e67234a16c32c2c31fa2f6542f69b45b67df4d87f25c0098d951e22288b34d6
-
mod_ssl-2.4.37-64.module_el8+2422+07117e8f.tuxcare.els7.x86_64.rpm
sha:597e9857994aff7ba4a8dfb20fac2f2677e48bf81a2b5b18975b4abfb3450b44
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
