Threats Tagged 'cve-2026-34032'

This update includes the following RPMs: httpd: * httpd-2.4.67-0.1.hum1 (aarch64, x86_64) * httpd-core-2.4.67-0.1.hum1 (aarch64, x86_64) * httpd-devel-2.4.67-0.1.hum1 (aarch64, x86_64) * httpd-filesystem-2.4.67-0.1.hum1 (noarch) * httpd-manual-2.4.67-0.1.hum1 (noarch) * httpd-tools-2.4.67-0.1.hum1 (aarch64, x86_64) * mod_ldap-2.4.67-0.1.hum1 (aarch64, x86_64) * mod_lua-2.4.67-0.1.hum1 (aarch64, x86_64) * mod_proxy_html-2.4.67-0.1.hum1 (aarch64, x86_64) * mod_session-2.4.67-0.1.hum1 (aarch64, x86_64) * mod_ssl-2.4.67-0.1.hum1 (aarch64, x86_64) * httpd-2.4.67-0.1.hum1.src (src)

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020) * httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059) * httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032) * httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857) * httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007) * Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Apache ist ein Webserver für verschiedene Plattformen.

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059) * httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032) * httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857) * httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007) * Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-34032 is a medium severity vulnerability in Apache HTTP Server involving improper null termination that leads to an out-of-bounds read. The issue affects versions through 2.4.66. Users are advised to upgrade to version 2.4.67, which addresses the vulnerability.