ALSA-2026:21391

See a problem?

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21391.json

JSON Data

https://api.osv.dev/v1/vulns/ALSA-2026:21391

Related

CVE-2026-28780
CVE-2026-33007
CVE-2026-33857
CVE-2026-34032
CVE-2026-34059

Published

2026-05-27T00:00:00Z

Modified

2026-05-29T13:44:13.859581044Z

Summary

Important: httpd security update

Details

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata() (CVE-2026-34059)
httpd: modproxyajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)
httpd: modproxyajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)
httpd: modauthnsocache: NULL pointer dereference can cause a child process crash (CVE-2026-33007)
Apache HTTP Server: modproxyajp: Apache HTTP Server modproxyajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9

httpd

Package

Name: httpd
Purl: pkg:rpm/almalinux/httpd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-13.el9_8.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21391.json"

httpd-core

Package

Name: httpd-core
Purl: pkg:rpm/almalinux/httpd-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-13.el9_8.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21391.json"

httpd-devel

Package

Name: httpd-devel
Purl: pkg:rpm/almalinux/httpd-devel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-13.el9_8.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21391.json"

httpd-filesystem

Package

Name: httpd-filesystem
Purl: pkg:rpm/almalinux/httpd-filesystem

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-13.el9_8.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21391.json"

httpd-manual

Package

Name: httpd-manual
Purl: pkg:rpm/almalinux/httpd-manual

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-13.el9_8.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21391.json"

httpd-tools

Package

Name: httpd-tools
Purl: pkg:rpm/almalinux/httpd-tools

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-13.el9_8.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21391.json"

mod_ldap

Package

Name: mod_ldap
Purl: pkg:rpm/almalinux/mod_ldap

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-13.el9_8.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21391.json"

mod_lua

Package

Name: mod_lua
Purl: pkg:rpm/almalinux/mod_lua

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-13.el9_8.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21391.json"

mod_proxy_html

Package

Name: mod_proxy_html
Purl: pkg:rpm/almalinux/mod_proxy_html

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.62-13.el9_8.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21391.json"

mod_session

Package

Name: mod_session
Purl: pkg:rpm/almalinux/mod_session

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-13.el9_8.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21391.json"

mod_ssl

Package

Name: mod_ssl
Purl: pkg:rpm/almalinux/mod_ssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.62-13.el9_8.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21391.json"