CLSA-2026-1779118869

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779118869.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1779118869

Upstream

CVE-2026-24072

CVE-2026-29169

CVE-2026-33006

CVE-2026-33007

CVE-2026-33523

CVE-2026-33857

CVE-2026-34032

CVE-2026-34059

Published

2026-05-19T00:19:25Z

Modified

2026-06-04T10:04:00.894367304Z

Summary

Fix of 8 CVEs

Details

SECURITY UPDATE: fix off-by-one out-of-bounds read in modproxyajp message getter functions
- debian/patches/CVE-2026-33857-prereq.patch: prerequisite fix for ajpmsgcheck_header bounds check to keep msg->len within buffer
- debian/patches/CVE-2026-33857.patch: fix off-by-one out-of-bounds read in modproxyajp message getter functions
- CVE-2026-33857
SECURITY UPDATE: fix improper null termination and out-of-bounds read in ajpmsggetstring
- debian/patches/CVE-2026-34032.patch: fix improper null termination and out-of-bounds read in ajpmsggetstring
- CVE-2026-34032
SECURITY UPDATE: fix heap buffer over-read in modproxyajp ajpparsedata
- debian/patches/CVE-2026-34059.patch: fix heap buffer over-read in modproxyajp ajpparsedata
- CVE-2026-34059
SECURITY UPDATE: use restricted apexpr parser in htaccess context to prevent local privilege escalation
- debian/patches/CVE-2026-24072.patch: use restricted apexpr parser in htaccess context to prevent local privilege escalation
- CVE-2026-24072
SECURITY UPDATE: fix NULL pointer dereference crash in moddavlock davgenericrefreshlocks
- debian/patches/CVE-2026-29169.patch: fix NULL pointer dereference crash in moddavlock davgenericrefreshlocks
- CVE-2026-29169
SECURITY UPDATE: fix timing attack allowing Digest authentication bypass in modauthdigest
- debian/patches/CVE-2026-33006.patch: fix timing attack allowing Digest authentication bypass in modauthdigest
- CVE-2026-33006
SECURITY UPDATE: fix NULL pointer dereference crash in modauthnsocache
- debian/patches/CVE-2026-33007.patch: fix NULL pointer dereference crash in modauthnsocache
- CVE-2026-33007
SECURITY UPDATE: fix HTTP response splitting via newlines/controls in outgoing status line
- debian/patches/CVE-2026-33523.patch: fix HTTP response splitting via newlines/controls in outgoing status line
- CVE-2026-33523

References

https://errata.tuxcare.com/els_os/debian10els/CLSA-2026-1779118869.html

Affected packages

TuxCare:Debian:10

apache2

Package

Name: apache2
Purl: pkg:deb/tuxcare/apache2?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.59-1~deb10u1+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779118869.json"

apache2-bin

Package

Name: apache2-bin
Purl: pkg:deb/tuxcare/apache2-bin?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.59-1~deb10u1+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779118869.json"

apache2-data

Package

Name: apache2-data
Purl: pkg:deb/tuxcare/apache2-data?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.59-1~deb10u1+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779118869.json"

apache2-dev

Package

Name: apache2-dev
Purl: pkg:deb/tuxcare/apache2-dev?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.59-1~deb10u1+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779118869.json"

apache2-doc

Package

Name: apache2-doc
Purl: pkg:deb/tuxcare/apache2-doc?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.59-1~deb10u1+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779118869.json"

apache2-ssl-dev

Package

Name: apache2-ssl-dev
Purl: pkg:deb/tuxcare/apache2-ssl-dev?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.59-1~deb10u1+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779118869.json"

apache2-suexec-custom

Package

Name: apache2-suexec-custom
Purl: pkg:deb/tuxcare/apache2-suexec-custom?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.59-1~deb10u1+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779118869.json"

apache2-suexec-pristine

Package

Name: apache2-suexec-pristine
Purl: pkg:deb/tuxcare/apache2-suexec-pristine?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.59-1~deb10u1+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779118869.json"

apache2-utils

Package

Name: apache2-utils
Purl: pkg:deb/tuxcare/apache2-utils?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.59-1~deb10u1+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779118869.json"

libapache2-mod-md

Package

Name: libapache2-mod-md
Purl: pkg:deb/tuxcare/libapache2-mod-md?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.59-1~deb10u1+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779118869.json"

libapache2-mod-proxy-uwsgi

Package

Name: libapache2-mod-proxy-uwsgi
Purl: pkg:deb/tuxcare/libapache2-mod-proxy-uwsgi?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.59-1~deb10u1+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1779118869.json"