Release date:
2026-06-12 14:41:05 UTC
Description:
- CVE-2026-29167: mod_ldap use-after-free in per-directory config, deep-copy client_certs
into the connection pool
- CVE-2026-34356: mod_proxy heap buffer overflow in ap_proxy_cookie_reverse_map(), reset
newpath/newdomain state on duplicate path=/domain= cookie attributes from a malicious
backend
Updated packages:
-
httpd-2.4.53-11.el9_2.5.tuxcare.els15.x86_64.rpm
sha:361d61af1243712c9a59f05f9fbdeffa751e71e1c825dfa4e45184497bd3b125
-
httpd-core-2.4.53-11.el9_2.5.tuxcare.els15.x86_64.rpm
sha:064a2e65c6028e4ff55c9e5f28d2cc970735531adcb6e14e070240757529eb07
-
httpd-devel-2.4.53-11.el9_2.5.tuxcare.els15.x86_64.rpm
sha:0343fb35bc46dbc7e79c9cb3b5885c74bec1194edf19acf314ea0ce0461fa71b
-
httpd-filesystem-2.4.53-11.el9_2.5.tuxcare.els15.noarch.rpm
sha:5a095630ddb8829f91f9c74229f867eeba0e0b19c8e09891bbcf998f9022f29c
-
httpd-manual-2.4.53-11.el9_2.5.tuxcare.els15.noarch.rpm
sha:e95f404650440b65abf72851d26473b419915a2845484044fb46f94cf17e5f4c
-
httpd-tools-2.4.53-11.el9_2.5.tuxcare.els15.x86_64.rpm
sha:82519a1d33093a9ae4fdc9b4f130e745865e59d0031c4d39a091e6d2616543c9
-
mod_ldap-2.4.53-11.el9_2.5.tuxcare.els15.x86_64.rpm
sha:6ee807acba7191cc248ddd767972f124b8e0cf9424ce3d327c8dfa40614e4dca
-
mod_lua-2.4.53-11.el9_2.5.tuxcare.els15.x86_64.rpm
sha:73400ed2b219bf6803202f7cdf34256e83f30ecc3d248f03c35fd700dcc72308
-
mod_proxy_html-2.4.53-11.el9_2.5.tuxcare.els15.x86_64.rpm
sha:8afd51b4d03fe82d5789c4dc7e2bdb4f4afa65be1c558e0368a43586db1ebfc6
-
mod_session-2.4.53-11.el9_2.5.tuxcare.els15.x86_64.rpm
sha:b242f78e519a61ebbb06c02eb9e79c7c3aa059fd1f2ad28e96ec627fd2ae2f69
-
mod_ssl-2.4.53-11.el9_2.5.tuxcare.els15.x86_64.rpm
sha:34730909b3ce79d76f5a4b5cd38f53da7dcca05f239e0c47a522ade51beea464
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
