[CLSA-2026:1781273712] Fix CVE(s): CVE-2026-29167, CVE-2026-34355, CVE-2026-34356
Type:
security
Severity:
Important
Release date:
2026-06-12 14:15:36 UTC
Description:
* SECURITY UPDATE: use-after-free in mod_ldap per-directory client certificate configuration
  - debian/patches/CVE-2026-29167.patch: deep-copy the per-directory client_certs array (each cert path and password) into the connection pool in uldap_connection_find() so the cached connection no longer retains pointers into the short-lived per-directory config pool in modules/ldap/util_ldap.c.
  - CVE-2026-29167
* SECURITY UPDATE: buffer overflow in mod_proxy_html with an untrusted backend response
  - debian/patches/CVE-2026-34355.patch: replace the hand-managed preserve()/pappend() output buffer with the bounds-checked ap_varbuf API (ap_varbuf_grow, ap_varbuf_strmemcat, ap_varbuf_regsub) for the CDATA, element and event URL rewrites so an oversized substitution can no longer overflow the buffer in modules/filters/mod_proxy_html.c.
  - CVE-2026-34355
* SECURITY UPDATE: heap buffer overflow in mod_proxy ProxyPassReverseCookie handling with a malicious backend response
  - debian/patches/CVE-2026-34356.patch: reset newpath/pdiff and newdomain/ddiff for each path= and domain= cookie attribute in ap_proxy_cookie_reverse_map() so a duplicate attribute can no longer reuse a stale length offset and overflow the rewritten cookie buffer in modules/proxy/proxy_util.c.
  - CVE-2026-34356
Updated packages:
  • apache2_2.4.41-4ubuntu3.23+tuxcare.els5_amd64.deb
    sha:4b8cf099833c4a12e3f2509c004c37c432ee00b3
  • apache2-bin_2.4.41-4ubuntu3.23+tuxcare.els5_amd64.deb
    sha:6036ef4c20e6db4ec9571c7b863c0f90dd062dac
  • apache2-data_2.4.41-4ubuntu3.23+tuxcare.els5_all.deb
    sha:ce7d75fd76decbb18cc4af57b95460e7881f910f
  • apache2-dev_2.4.41-4ubuntu3.23+tuxcare.els5_amd64.deb
    sha:02d6f53269cf6f8836213a85d64f4e006f6f76bc
  • apache2-doc_2.4.41-4ubuntu3.23+tuxcare.els5_all.deb
    sha:73c985c8272eea56cf865bbdb2fcdb202329bc71
  • apache2-ssl-dev_2.4.41-4ubuntu3.23+tuxcare.els5_amd64.deb
    sha:de1b8026dbf0a2920b2c8303908c1ed56101e0ff
  • apache2-suexec-custom_2.4.41-4ubuntu3.23+tuxcare.els5_amd64.deb
    sha:59ac38d14095e2fc5389e2ef47c95ee84b9c77c2
  • apache2-suexec-pristine_2.4.41-4ubuntu3.23+tuxcare.els5_amd64.deb
    sha:a5d83608419479c783eda0543540ec68c64c7ed4
  • apache2-utils_2.4.41-4ubuntu3.23+tuxcare.els5_amd64.deb
    sha:232f1ebfe9383930d34a024b4e6dd363a3137ad3
  • libapache2-mod-md_2.4.41-4ubuntu3.23+tuxcare.els5_amd64.deb
    sha:11e31a485f98b87fb6ecdf4304bf84d91867f883
  • libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.23+tuxcare.els5_amd64.deb
    sha:524f13e6f95d87209f29be9fe3c38c16ac18161e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.