CLSA-2026-1779118679

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779118679.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1779118679

Upstream

CVE-2026-24072

CVE-2026-28780

CVE-2026-33006

CVE-2026-33007

CVE-2026-33523

CVE-2026-33857

CVE-2026-34032

CVE-2026-34059

Published

2026-05-18T15:38:03Z

Modified

2026-06-04T10:03:21.193221852Z

Summary

Fix of 8 CVEs

Details

SECURITY UPDATE: modproxyajp heap buffer over-read in ajpmsggetstring
- debian/patches/CVE-2026-34032.patch: add buffer checks in modules/proxy/ajpmsg.c.
- CVE-2026-34032
SECURITY UPDATE: AJP getter functions off-by-one out-of-bounds reads
- debian/patches/CVE-2026-33857.patch: fix length checks in AJP msgget functions in modules/proxy/ajpmsg.c.
- CVE-2026-33857
SECURITY UPDATE: modproxyajp heap over-read in ajpparsedata
- debian/patches/CVE-2026-34059.patch: fix message length check in modules/proxy/ajp_header.c.
- CVE-2026-34059
SECURITY UPDATE: modauthnsocache crash in caching forward proxy
- debian/patches/CVE-2026-33007.patch: validate URL earlier in modules/aaa/modauthnsocache.c.
- CVE-2026-33007
SECURITY UPDATE: HTTP response splitting via malicious backend status line
- debian/patches/CVE-2026-33523.patch: scan outgoing status line for newlines and controls in modules/http/http_filters.c.
- CVE-2026-33523
SECURITY UPDATE: modrewrite elevation of privileges via apexpr in .htaccess
- debian/patches/CVE-2026-24072.patch: use APEXPRFLAGRESTRICTED in htaccess context in modules/mappers/modrewrite.c, modules/metadata/modsetenvif.c, modules/proxy/modproxy_fcgi.c.
- CVE-2026-24072
SECURITY UPDATE: modauthdigest timing attack allowing Digest auth bypass
- debian/patches/CVE-2026-33006.patch: use aprcryptoequals (constant- time comparison) for nonce hash and digest checks, add VALIDNONCE validation and MD5DIGESTLEN length check in getdigestrec, in modules/aaa/modauth_digest.c. Bumps configure.in apr-util requirement to >= 1.6 (bionic ships 1.6.1).
- CVE-2026-33006
SECURITY UPDATE: modproxyajp ajpmsgcheck_header bounds-check fix
- debian/patches/CVE-2026-28780.patch: tighten the upper-bound check in ajpmsgcheckheader() to reserve AJPHEADERLEN bytes of headroom in modules/proxy/ajpmsg.c (companion to CVE-2026-33857/34032).
- CVE-2026-28780

References

https://errata.tuxcare.com/els_os/ubuntu18.04els/CLSA-2026-1779118679.html

Affected packages

TuxCare:Ubuntu:18.04

apache2

Package

Name: apache2
Purl: pkg:deb/tuxcare/apache2?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779118679.json"

apache2-bin

Package

Name: apache2-bin
Purl: pkg:deb/tuxcare/apache2-bin?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779118679.json"

apache2-data

Package

Name: apache2-data
Purl: pkg:deb/tuxcare/apache2-data?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779118679.json"

apache2-dev

Package

Name: apache2-dev
Purl: pkg:deb/tuxcare/apache2-dev?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779118679.json"

apache2-doc

Package

Name: apache2-doc
Purl: pkg:deb/tuxcare/apache2-doc?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779118679.json"

apache2-ssl-dev

Package

Name: apache2-ssl-dev
Purl: pkg:deb/tuxcare/apache2-ssl-dev?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779118679.json"

apache2-suexec-custom

Package

Name: apache2-suexec-custom
Purl: pkg:deb/tuxcare/apache2-suexec-custom?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779118679.json"

apache2-suexec-pristine

Package

Name: apache2-suexec-pristine
Purl: pkg:deb/tuxcare/apache2-suexec-pristine?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779118679.json"

apache2-utils

Package

Name: apache2-utils
Purl: pkg:deb/tuxcare/apache2-utils?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els9

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779118679.json"