Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

openSUSE Apache2 Important Buffer Overflow & DoS Issue 2026-21235-1

opensuse
Calendar Grey July 8, 2026
Dist Opensuse Esm H88
This openSUSE security update addresses 13 important vulnerabilities in apache2, enhancing system protection.
An update that solves 13 vulnerabilities and has 13 bug fixes can now be installed.

Description

This update for apache2 fixes the following issues

- CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976).

- CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977).

- CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978).

- CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955).

- CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956).

- CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962).

- CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963).

- CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965).

- CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969).

- CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of

service (bsc#1267970).

- CVE-2026-44631: crafted regular expression can...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

apache2-2.4.66-160000.3.1

apache2-devel-2.4.66-160000.3.1

apache2-event-2.4.66-160000.3.1

apache2-manual-2.4.66-160000.3.1

apache2-prefork-2.4.66-160000.3.1

apache2-utils-2.4.66-160000.3.1

apache2-worker-2.4.66-160000.3.1

References

* bsc#1267503

* bsc#1267955

* bsc#1267956

* bsc#1267962

* bsc#1267963

* bsc#1267965

* bsc#1267969

* bsc#1267970

* bsc#1267971

* bsc#1267972

* bsc#1267976

* bsc#1267977

* bsc#1267978

References:

* https://www.suse.com/security/cve/CVE-2026-29167.html

* https://www.suse.com/security/cve/CVE-2026-29170.html

* https://www.suse.com/security/cve/CVE-2026-34355.html

* https://www.suse.com/security/cve/CVE-2026-34356.html

* https://www.suse.com/security/cve/CVE-2026-42535.html

* https://www.suse.com/security/cve/CVE-2026-42536.html

* https://www.suse.com/security/cve/CVE-2026-43951.html

* https://www.suse.com/security/cve/CVE-2026-44119.html

* https://www.suse.com/security/cve/CVE-2026-44185.html

* https://www.suse.com/security/cve/CVE-2026-44186.html

* https://www.suse.com/security/cve/CVE-2026-44631.html

* https://www.suse.com/security/cve/CVE-2026-48913.html

* https://www.suse.com/security/cve/CVE-2026-49975.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21235-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.