SUSE Apache2 Important Denial of Service Buffer Overflow Vuln 2026-2717-1

suse
July 1, 2026
SUSE's important update addresses 13 security issues in apache2, ensuring improved protection for users.
An update that solves 13 vulnerabilities can now be installed.

Summary

This update for apache2 fixes the following issues:

* CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976).

* CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977).

* CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978).

* CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955).

* CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956).

* CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962).

* CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963).

* CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965).

* CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request`

References

* bsc#1267503

* bsc#1267955

* bsc#1267956

* bsc#1267962

* bsc#1267963

* bsc#1267965

* bsc#1267969

* bsc#1267970

* bsc#1267971

* bsc#1267972

* bsc#1267976

* bsc#1267977

* bsc#1267978

Cross-References

* CVE-2026-29167

* CVE-2026-29170

* CVE-2026-34355

* CVE-2026-34356

* CVE-2026-42535

* CVE-2026-42536

* CVE-2026-43951

* CVE-2026-44119

* CVE-2026-44185

* CVE-2026-44186

* CVE-2026-44631

* CVE-2026-48913

* CVE-2026-49975

CVSS scores:

* CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

* CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

* CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity
important

Announcement ID: SUSE-SU-2026:2717-1
Release Date: 2026-07-01T08:05:44Z
Rating: important
