OESA-2026-2811

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2811
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2811.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2811
Upstream
  • CVE-2026-43951
  • CVE-2026-44119
Published
2026-07-06T06:26:18Z
Modified
2026-07-06T06:45:11.200579392Z
Summary
httpd security update
Details

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.

Security Fix(es):

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages.

This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.(CVE-2026-43951)

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.

This issue affects Apache HTTP Server: from through 2.4.67.

Users are recommended to upgrade to version 2.4.68, which fixes the issue.(CVE-2026-44119)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / httpd

Package

Name
httpd
Purl
pkg:rpm/openEuler/httpd&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.43-39.oe2003sp4

Ecosystem specific

{
    "aarch64": [
        "httpd-2.4.43-39.oe2003sp4.aarch64.rpm",
        "httpd-debuginfo-2.4.43-39.oe2003sp4.aarch64.rpm",
        "httpd-debugsource-2.4.43-39.oe2003sp4.aarch64.rpm",
        "httpd-devel-2.4.43-39.oe2003sp4.aarch64.rpm",
        "httpd-tools-2.4.43-39.oe2003sp4.aarch64.rpm",
        "mod_ldap-2.4.43-39.oe2003sp4.aarch64.rpm",
        "mod_md-2.4.43-39.oe2003sp4.aarch64.rpm",
        "mod_proxy_html-2.4.43-39.oe2003sp4.aarch64.rpm",
        "mod_session-2.4.43-39.oe2003sp4.aarch64.rpm",
        "mod_ssl-2.4.43-39.oe2003sp4.aarch64.rpm"
    ],
    "noarch": [
        "httpd-filesystem-2.4.43-39.oe2003sp4.noarch.rpm",
        "httpd-help-2.4.43-39.oe2003sp4.noarch.rpm"
    ],
    "x86_64": [
        "httpd-2.4.43-39.oe2003sp4.x86_64.rpm",
        "httpd-debuginfo-2.4.43-39.oe2003sp4.x86_64.rpm",
        "httpd-debugsource-2.4.43-39.oe2003sp4.x86_64.rpm",
        "httpd-devel-2.4.43-39.oe2003sp4.x86_64.rpm",
        "httpd-tools-2.4.43-39.oe2003sp4.x86_64.rpm",
        "mod_ldap-2.4.43-39.oe2003sp4.x86_64.rpm",
        "mod_md-2.4.43-39.oe2003sp4.x86_64.rpm",
        "mod_proxy_html-2.4.43-39.oe2003sp4.x86_64.rpm",
        "mod_session-2.4.43-39.oe2003sp4.x86_64.rpm",
        "mod_ssl-2.4.43-39.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "httpd-2.4.43-39.oe2003sp4.src.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2811.json"