Updated apache packages fix security vulnerabilities
Publication date: 13 May 2026Modification date: 13 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-23918 , CVE-2026-24072 , CVE-2026-28780 , CVE-2026-29168 , CVE-2026-29169 , CVE-2026-33006 , CVE-2026-33007 , CVE-2026-33523 , CVE-2026-33857 , CVE-2026-34032 , CVE-2026-34059
Description
http2: double free and possible RCE on early reset. (CVE-2026-23918)
mod_rewrite elevation of privileges via ap_expr. (CVE-2026-24072)
buffer overflow in mod_proxy_ajp via ajp_msg_check_header().
(CVE-2026-28780)
mod_md unrestricted OCSP response. (CVE-2026-29168)
mod_dav_lock indirect lock crash. (CVE-2026-29169)
mod_auth_digest timing attack. (CVE-2026-33006)
mod_authn_socache crash. (CVE-2026-33007)
HTTP response splitting forwarding malicious status line.
(CVE-2026-33523)
Off-by-one OOB reads in AJP getter functions. (CVE-2026-33857)
Heap Buffer Over-Read Due to Missing Null-Termination Check
(ajp_msg_get_string). (CVE-2026-34032)
Heap Over-Read and memory disclosure in ajp_parse_data().
(CVE-2026-34059)
References
- https://bugs.mageia.org/show_bug.cgi?id=35473
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.435691
- https://downloads.apache.org/httpd/CHANGES_2.4.67
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://www.openwall.com/lists/oss-security/2026/05/04/15
- https://www.openwall.com/lists/oss-security/2026/05/04/16
- https://www.openwall.com/lists/oss-security/2026/05/04/17
- https://www.openwall.com/lists/oss-security/2026/05/04/18
- https://www.openwall.com/lists/oss-security/2026/05/04/19
- https://www.openwall.com/lists/oss-security/2026/05/04/20
- https://www.openwall.com/lists/oss-security/2026/05/04/21
- https://www.openwall.com/lists/oss-security/2026/05/04/22
- https://www.openwall.com/lists/oss-security/2026/05/04/23
- https://www.openwall.com/lists/oss-security/2026/05/05/6
- https://www.openwall.com/lists/oss-security/2026/05/05/9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23918
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24072
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28780
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29168
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29169
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33006
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33007
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33523
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33857
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34032
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34059
SRPMS
9/core
- apache-2.4.67-1.mga9