CLSA-2026-1779296292

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1779296292.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1779296292

Upstream

CVE-2026-28780

CVE-2026-33006

CVE-2026-33857

CVE-2026-34032

CVE-2026-34059

Published

2026-05-20T16:58:16Z

Modified

2026-06-01T00:33:26.017186486Z

Summary

httpd: Fix of 5 CVEs

Details

CVE-2026-28780: modproxyajp 4-byte heap buffer overflow when contacting a malicious AJP backend (off-by-AJPHEADERLEN check in ajpmsgcheck_header)
CVE-2026-34059: modproxyajp heap over-read in ajpparsedata on short AJP replies
CVE-2026-33006: modauthdigest used non-constant-time strcmp() for nonce-hash and response-digest comparisons; replace with constant-time comparison and validate nonce/digest sizes
CVE-2026-33857: modproxyajp off-by-one out-of-bounds reads in ajpmsggetuint8/uint16/uint32 and ajpmsgpeekuint8/uint16 length checks
CVE-2026-34032: modproxyajp ajpmsgget_string: tighten length check to msg->len and verify the NUL terminator is present

References

https://errata.tuxcare.com/els_os/oraclelinux6els/CLSA-2026-1779296292.html

Affected packages

TuxCare:OracleLinux:6

httpd

Package

Name: httpd
Purl: pkg:rpm/tuxcare/httpd?distro=oraclelinux-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.15-72.el6.tuxcare.els12

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1779296292.json"

httpd-devel

Package

Name: httpd-devel
Purl: pkg:rpm/tuxcare/httpd-devel?distro=oraclelinux-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.15-72.el6.tuxcare.els12

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1779296292.json"

httpd-manual

Package

Name: httpd-manual
Purl: pkg:rpm/tuxcare/httpd-manual?distro=oraclelinux-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.15-72.el6.tuxcare.els12

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1779296292.json"

httpd-tools

Package

Name: httpd-tools
Purl: pkg:rpm/tuxcare/httpd-tools?distro=oraclelinux-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.15-72.el6.tuxcare.els12

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1779296292.json"

mod_ssl

Package

Name: mod_ssl
Purl: pkg:rpm/tuxcare/mod_ssl?distro=oraclelinux-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.2.15-72.el6.tuxcare.els12

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2026-1779296292.json"