4 matches found
CLSA-2026-1779119053 Fix of 8 CVEs
SECURITY UPDATE: modproxyajp heap buffer over-read in ajpmsggetstring - debian/patches/CVE-2026-34032.patch: add buffer checks in modules/proxy/ajpmsg.c. - CVE-2026-34032 SECURITY UPDATE: AJP getter functions off-by-one out-of-bounds reads - debian/patches/CVE-2026-33857.patch: fix length checks ...
MGASA-2026-0129 Updated apache packages fix security vulnerabilities
http2: double free and possible RCE on early reset. CVE-2026-23918 modrewrite elevation of privileges via apexpr. CVE-2026-24072 buffer overflow in modproxyajp via ajpmsgcheckheader. CVE-2026-28780 modmd unrestricted OCSP response. CVE-2026-29168 moddavlock indirect lock crash. CVE-2026-29169...
CLSA-2026-1778111838 httpd: Fix of 9 CVEs
CVE-2026-24072: fix modrewrite apexpr privilege escalation in htaccess - CVE-2026-28780: fix modproxyajp ajpmsgcheckheader buffer over-read - CVE-2026-29169: fix moddavlock NULL pointer dereference - CVE-2026-33006: fix modauthdigest timing attack - CVE-2026-33007: fix modauthnsocache NULL...
Vulnerabilities in Apache HTTP Server
The Apache Software Foundation has addressed several vulnerabilities in Apache HTTP Server. These vulnerabilities concern various modules and functions within Apache HTTP Server. The most serious vulnerability relates to a double-free in the HTTP/2 implementation, which allows an attacker to...