[CLSA-2026:1779125979] httpd: Fix of CVE-2026-28780
Type:
security
Severity:
Important
Release date:
2026-05-20 08:49:49 UTC
Description:
- CVE-2026-28780: mod_proxy_ajp: heap-based buffer overflow in ajp_msg_check_header() — message size check did not subtract AJP_HEADER_LEN, letting a crafted AJP reply write 4 bytes past the end of the heap buffer
Updated packages:
  • httpd-2.4.6-99.el7.1.tuxcare.els13.x86_64.rpm
    sha:6fe03332d6b47a9cf6a8e7d0f985e71a6273be6f928d3ddaa8cca0207e7b28ec
  • httpd-devel-2.4.6-99.el7.1.tuxcare.els13.x86_64.rpm
    sha:4ccbdf92f195ffb621376db5f83d0ca1df29a5475e3e05b1a799e5556339a8cb
  • httpd-manual-2.4.6-99.el7.1.tuxcare.els13.noarch.rpm
    sha:23a28664afaf33ee2d02f5657244b77b31b7b0fa34d996895dc2fadcc4aa7563
  • httpd-tools-2.4.6-99.el7.1.tuxcare.els13.x86_64.rpm
    sha:9c8c3c2b915b948bdec4bfa3c17e466119935d9b9559737ac03ff31c3fb74904
  • mod_ldap-2.4.6-99.el7.1.tuxcare.els13.x86_64.rpm
    sha:8e9c4e2970681f52a3912977cba96111b2f3c140b888c09dfd8f0829bb726671
  • mod_proxy_html-2.4.6-99.el7.1.tuxcare.els13.x86_64.rpm
    sha:e87534d773c78a3a3506f181a6f2847df922fdf6a047b76a1e2d89e4834ce789
  • mod_session-2.4.6-99.el7.1.tuxcare.els13.x86_64.rpm
    sha:1333f8021137e96096a6f529b409a9a5280dc85121e9d55eaa76a26b690abf52
  • mod_ssl-2.4.6-99.el7.1.tuxcare.els13.x86_64.rpm
    sha:b5bd424e6ab003b7f3e3a97e4077f71c259f27705c5ddb4f9cb35d336a10ff50
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.