Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Mageia 9 Apache Security Fix RCE Buffer Overflow MGASA-2026-0129

mageia
Calendar Grey May 13, 2026
Dist Mageia Esm H88
Updated apache packages for Mageia fix several security issues including RCE and buffer overflow vulnerabilities.
MGASA-2026-0129 - Updated apache packages fix security vulnerabilities

Summary

Description: http2: double free and possible RCE on early reset. (CVE-2026-23918) mod_rewrite elevation of privileges via ap_expr. (CVE-2026-24072) buffer overflow in mod_proxy_ajp via ajp_msg_check_header(). (CVE-2026-28780) mod_md unrestricted OCSP response. (CVE-2026-29168) mod_dav_lock indirect lock crash. (CVE-2026-29169) mod_auth_digest timing attack. (CVE-2026-33006) mod_authn_socache crash. (CVE-2026-33007) HTTP response splitting forwarding malicious status line. (CVE-2026-33523) Off-by-one OOB reads in AJP getter functions. (CVE-2026-33857) Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string). (CVE-2026-34032) Heap Over-Read and memory disclosure in ajp_parse_data(). (CVE-2026-34059)

References

- https://bugs.mageia.org/show_bug.cgi?id=35473

- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.435691

- https://downloads.apache.org/httpd/CHANGES_2.4.67

- https://httpd.apache.org/security/vulnerabilities_24.html

- https://www.openwall.com/lists/oss-security/2026/05/04/15

- https://www.openwall.com/lists/oss-security/2026/05/04/16

- https://www.openwall.com/lists/oss-security/2026/05/04/17

- https://www.openwall.com/lists/oss-security/2026/05/04/18

- https://www.openwall.com/lists/oss-security/2026/05/04/19

- https://www.openwall.com/lists/oss-security/2026/05/04/20

- https://www.openwall.com/lists/oss-security/2026/05/04/21

- https://www.openwall.com/lists/oss-security/2026/05/04/22

- https://www.openwall.com/lists/oss-security/2026/05/04/23

- https://www.openwall.com/lists/oss-security/2026/05/05/6

- https://www.openwall.com/lists/oss-security/2026/05/05/9

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23918

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24072

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28780

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29168

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29169

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33006

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33007

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33523

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33857

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34032

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34059

Topics%20covered

Topics Covered

security advisory buffer overflow remote code execution privilege escalation apache Mageia

Resolution

SRPMS

- 9/core/apache-2.4.67-1.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 13 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0129.html
Type: security
CVE: CVE-2026-23918, CVE-2026-24072, CVE-2026-28780, CVE-2026-29168, CVE-2026-29169, CVE-2026-33006, CVE-2026-33007, CVE-2026-33523, CVE-2026-33857, CVE-2026-34032, CVE-2026-34059

Topics%20covered

Topics Covered

security advisory buffer overflow remote code execution privilege escalation apache Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here