{
  "schema_version": "1.7.0",
  "id": "MGASA-2026-0129",
  "published": "2026-05-13T07:00:52Z",
  "modified": "2026-05-13T06:14:20Z",
  "summary": "Updated apache packages fix security vulnerabilities",
  "details": "http2: double free and possible RCE on early reset. (CVE-2026-23918)\nmod_rewrite elevation of privileges via ap_expr. (CVE-2026-24072)\nbuffer overflow in mod_proxy_ajp via ajp_msg_check_header().\n(CVE-2026-28780)\nmod_md unrestricted OCSP response. (CVE-2026-29168)\nmod_dav_lock indirect lock crash. (CVE-2026-29169)\nmod_auth_digest timing attack. (CVE-2026-33006)\nmod_authn_socache crash. (CVE-2026-33007)\nHTTP response splitting forwarding malicious status line.\n(CVE-2026-33523)\nOff-by-one OOB reads in AJP getter functions. (CVE-2026-33857)\nHeap Buffer Over-Read Due to Missing Null-Termination Check\n(ajp_msg_get_string). (CVE-2026-34032)\nHeap Over-Read and memory disclosure in ajp_parse_data().\n(CVE-2026-34059)\n",
  "upstream": [
    "CVE-2026-23918",
    "CVE-2026-24072",
    "CVE-2026-28780",
    "CVE-2026-29168",
    "CVE-2026-29169",
    "CVE-2026-33006",
    "CVE-2026-33007",
    "CVE-2026-33523",
    "CVE-2026-33857",
    "CVE-2026-34032",
    "CVE-2026-34059"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2026-0129.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=35473"
    },
    {
      "type": "WEB",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.435691"
    },
    {
      "type": "WEB",
      "url": "https://downloads.apache.org/httpd/CHANGES_2.4.67"
    },
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/04/15"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/04/16"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/04/17"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/04/18"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/04/19"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/04/20"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/04/21"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/04/22"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/04/23"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/05/6"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/05/9"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "apache",
        "purl": "pkg:rpm/mageia/apache?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.67-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}