CLSA-2026-1778614426

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778614426.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1778614426

Upstream

CVE-2026-24072

CVE-2026-28780

CVE-2026-29169

CVE-2026-33006

CVE-2026-33007

CVE-2026-33523

CVE-2026-33857

CVE-2026-34032

CVE-2026-34059

Published

2026-05-12T19:33:50Z

Modified

2026-06-01T00:33:23.802998364Z

Summary

httpd: Fix of 9 CVEs

Details

CVE-2026-24072: fix modrewrite apexpr privilege escalation in htaccess
CVE-2026-28780: fix modproxyajp ajpmsgcheck_header buffer over-read
CVE-2026-29169: fix moddavlock NULL pointer dereference
CVE-2026-33006: fix modauthdigest timing attack
CVE-2026-33007: fix modauthnsocache NULL pointer dereference
CVE-2026-33523: fix HTTP response splitting via status line
CVE-2026-33857: fix off-by-one OOB reads in AJP getter functions
CVE-2026-34032: fix ajpmsgget_string buffer over-read
CVE-2026-34059: fix ajpparsedata heap over-read

References

https://errata.tuxcare.com/els_os/centos8.5els/CLSA-2026-1778614426.html

Affected packages

TuxCare:CentOS:8.5

httpd

Package

Name: httpd
Purl: pkg:rpm/tuxcare/httpd?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778614426.json"

httpd-devel

Package

Name: httpd-devel
Purl: pkg:rpm/tuxcare/httpd-devel?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778614426.json"

httpd-filesystem

Package

Name: httpd-filesystem
Purl: pkg:rpm/tuxcare/httpd-filesystem?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778614426.json"

httpd-manual

Package

Name: httpd-manual
Purl: pkg:rpm/tuxcare/httpd-manual?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778614426.json"

httpd-tools

Package

Name: httpd-tools
Purl: pkg:rpm/tuxcare/httpd-tools?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778614426.json"

mod_ldap

Package

Name: mod_ldap
Purl: pkg:rpm/tuxcare/mod_ldap?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778614426.json"

mod_proxy_html

Package

Name: mod_proxy_html
Purl: pkg:rpm/tuxcare/mod_proxy_html?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778614426.json"

mod_session

Package

Name: mod_session
Purl: pkg:rpm/tuxcare/mod_session?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778614426.json"

mod_ssl

Package

Name: mod_ssl
Purl: pkg:rpm/tuxcare/mod_ssl?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.37-43.module_el8.5.0+2400+7e4a47e1.tuxcare.els18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778614426.json"