Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 235 articles for you...
172

Ubuntu Apache2 Critical Denial of Service Threats USN-8516-1

Several security issues were fixed in Apache HTTP Server.. ========================================================================== Ubuntu Security Notice USN-8516-1 July 08, 2026 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Apache HTTP Server. Software Description: - apache2: Apache HTTP server Details: It was discovered that Apache HTTP Server's mod_ldap module incorrectly handled memory when processing per-directory configurations. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-29167) It was discovered that Apache HTTP Server's mod_proxy_ftp module incorrectly handled HTML generation for FTP directory listings. A remote attacker could possibly use this issue to inject arbitrary web script or HTML. (CVE-2026-29170) It was discovered that Apache HTTP Server's mod_proxy_html module incorrectly handled certain content from an untrusted backend. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-34355) It was discovered that Apache HTTP Server incorrectly handled ProxyPassReverseCookie directives with a malicious backend server. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-34356) It was discovered that Apache HTTP Server's mod_dav_fs module incorrectly handled certain path operations. An authenticated user could possibly use this issue to manipulate trusted WebDAV property databases or cause a denial of service. (CVE-2026-42535) It was discovered that Apache HTTP Server's mod_xml2enc module incorrectly handled certain content from an untrusted backend. A remote attacker could possibly use this issue to cause ApacheHTTP Server to crash, resulting in a denial of service. (CVE-2026-42536) It was discovered that Apache HTTP Server incorrectly handled response headers when multiple content languages were configured. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-43951) It was discovered that Apache HTTP Server incorrectly restricted certain file functions in expressions within .htaccess files. A local attacker with .htaccess write access could possibly use this issue to obtain sensitive information. (CVE-2026-44119) It was discovered that Apache HTTP Server's mod_ssl module incorrectly handled OCSP responses from an attacker-controlled server. A remote attacker could possibly use this issue to obtain sensitive information or cause a denial of service. (CVE-2026-44185) It was discovered that Apache HTTP Server's mod_proxy_ftp module incorrectly handled responses from an attacker-controlled backend FTP server. A remote attacker could possibly use this issue to cause Apache HTTP Server to stop responding, resulting in a denial of service. (CVE-2026-44186) It was discovered that Apache HTTP Server incorrectly handled crafted regular expressions in the server configuration. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2026-44631) It was discovered that Apache HTTP Server's mod_http2 module had a use-after-free vulnerability when file handles were exhausted. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-48913) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS apache2 2.4.66-2ubuntu2.4 Ubuntu 24.04 LTS apache2 2.4.58-1ubuntu8.15 Ubuntu 22.04 LTS apache2 2.4.52-1ubuntu4.23 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8516-1 CVE-2026-29167, CVE-2026-29170, CVE-2026-34355, CVE-2026-34356, CVE-2026-42535, CVE-2026-42536, CVE-2026-43951, CVE-2026-44119, CVE-2026-44185, CVE-2026-44186, CVE-2026-44631, CVE-2026-48913 Package Information: https://launchpad.net/ubuntu/+source/apache2/2.4.66-2ubuntu2.4 https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.15 https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.23 . Numerous security issues in Apache HTTP Server require updates in Ubuntu LTS for protection against potential threats.. Apache HTTP Server vulnerabilities, Ubuntu security fix, Denial of service, Remote attacker risks. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Critical Ubuntu
202

openSUSE Apache2 Important Buffer Overflow & DoS Issue 2026-21235-1

An update that solves 13 vulnerabilities and has 13 bug fixes can now be installed.. openSUSE security update: security update for apache2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21235-1 Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( SUSE ): 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 13 vulnerabilities and has 13 bug fixes can now be installed. Description: This update for apache2 fixes the following issues - CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). - CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). - CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). - CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). - CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). - CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). - CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). - CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). - CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). - CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). - CVE-2026-48913: file handleexhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). - CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1149=1 Package List: - openSUSE Leap 16.0: apache2-2.4.66-160000.3.1 apache2-devel-2.4.66-160000.3.1 apache2-event-2.4.66-160000.3.1 apache2-manual-2.4.66-160000.3.1 apache2-prefork-2.4.66-160000.3.1 apache2-utils-2.4.66-160000.3.1 apache2-worker-2.4.66-160000.3.1 References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html . This openSUSE security update addresses 13 important vulnerabilities in apache2, enhancing system protection.. openSUSE security update, apache2 vulnerabilities, important security fix, buffer overflow issue, apache2 patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Important OpenSUSE
100

SUSE Apache2 Important Security Issues Addressed 2026-2759-1

An update that solves 13 vulnerabilities can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2759-1 Release Date: 2026-07-06T02:04:25Z Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H AffectedProducts: * Basesystem Module 15-SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2759=1 * Basesystem Module15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2759=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-2759=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-prefork-2.4.66-150700.4.23.1 * apache2-debuginfo-2.4.66-150700.4.23.1 * apache2-prefork-debuginfo-2.4.66-150700.4.23.1 * apache2-prefork-debugsource-2.4.66-150700.4.23.1 * apache2-2.4.66-150700.4.23.1 * apache2-debugsource-2.4.66-150700.4.23.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-utils-debuginfo-2.4.66-150700.4.23.1 * apache2-worker-debuginfo-2.4.66-150700.4.23.1 * apache2-worker-2.4.66-150700.4.23.1 * apache2-worker-debugsource-2.4.66-150700.4.23.1 * apache2-devel-2.4.66-150700.4.23.1 * apache2-utils-2.4.66-150700.4.23.1 * apache2-utils-debugsource-2.4.66-150700.4.23.1 * Server Applications Module 15-SP7 (noarch) * apache2-manual-2.4.66-150700.4.23.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-event-debugsource-2.4.66-150700.4.23.1 * apache2-event-2.4.66-150700.4.23.1 * apache2-event-debuginfo-2.4.66-150700.4.23.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html *https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 * https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 . This SUSE security update addresses 13 important vulnerabilities in Apache2, enhancing system protection and integrity.. SUSE security Apache2 vulnerabilities update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 06, 2026 Important SuSE
202

openSUSE Apache2 Important Buffer Overflow Denial of Service 2026-2735-1

An update that solves 13 vulnerabilities can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2735-1 Release Date: 2026-07-02T22:36:37Z Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H AffectedProducts: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2735=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2735=1 *openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2735=1 ## Package List: * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * apache2-worker-2.4.66-150600.5.55.1 * apache2-event-debugsource-2.4.66-150600.5.55.1 * apache2-utils-debugsource-2.4.66-150600.5.55.1 * apache2-event-debuginfo-2.4.66-150600.5.55.1 * apache2-debuginfo-2.4.66-150600.5.55.1 * apache2-devel-2.4.66-150600.5.55.1 * apache2-utils-2.4.66-150600.5.55.1 * apache2-worker-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-2.4.66-150600.5.55.1 * apache2-event-2.4.66-150600.5.55.1 * apache2-prefork-debugsource-2.4.66-150600.5.55.1 * apache2-debugsource-2.4.66-150600.5.55.1 * apache2-worker-debuginfo-2.4.66-150600.5.55.1 * apache2-2.4.66-150600.5.55.1 * apache2-prefork-debuginfo-2.4.66-150600.5.55.1 * apache2-utils-debuginfo-2.4.66-150600.5.55.1 * openSUSE Leap 15.6 (noarch) * apache2-manual-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * apache2-manual-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * apache2-worker-2.4.66-150600.5.55.1 * apache2-utils-debugsource-2.4.66-150600.5.55.1 * apache2-debuginfo-2.4.66-150600.5.55.1 * apache2-devel-2.4.66-150600.5.55.1 * apache2-utils-2.4.66-150600.5.55.1 * apache2-worker-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-2.4.66-150600.5.55.1 * apache2-worker-debuginfo-2.4.66-150600.5.55.1 * apache2-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-debugsource-2.4.66-150600.5.55.1 * apache2-2.4.66-150600.5.55.1 * apache2-prefork-debuginfo-2.4.66-150600.5.55.1 * apache2-utils-debuginfo-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * apache2-worker-2.4.66-150600.5.55.1 * apache2-utils-debugsource-2.4.66-150600.5.55.1 * apache2-debuginfo-2.4.66-150600.5.55.1 * apache2-devel-2.4.66-150600.5.55.1 *apache2-utils-2.4.66-150600.5.55.1 * apache2-worker-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-2.4.66-150600.5.55.1 * apache2-prefork-debugsource-2.4.66-150600.5.55.1 * apache2-debugsource-2.4.66-150600.5.55.1 * apache2-worker-debuginfo-2.4.66-150600.5.55.1 * apache2-2.4.66-150600.5.55.1 * apache2-prefork-debuginfo-2.4.66-150600.5.55.1 * apache2-utils-debuginfo-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * apache2-manual-2.4.66-150600.5.55.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html * https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 * https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 . This update addresses 13important vulnerabilities in Apache2, enhancing security for openSUSE users.. SUSE Apache2 Update, Important Vulnerabilities Patch, Security Advisory OpenSUSE. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Important OpenSUSE
100

SUSE Apache2 Important Buffer Overflow Denial Of Service Vuln 2026-2735-1

An update that solves 13 vulnerabilities can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2735-1 Release Date: 2026-07-02T22:36:37Z Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H AffectedProducts: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2735=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2735=1 *openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2735=1 ## Package List: * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * apache2-worker-2.4.66-150600.5.55.1 * apache2-event-debugsource-2.4.66-150600.5.55.1 * apache2-utils-debugsource-2.4.66-150600.5.55.1 * apache2-event-debuginfo-2.4.66-150600.5.55.1 * apache2-debuginfo-2.4.66-150600.5.55.1 * apache2-devel-2.4.66-150600.5.55.1 * apache2-utils-2.4.66-150600.5.55.1 * apache2-worker-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-2.4.66-150600.5.55.1 * apache2-event-2.4.66-150600.5.55.1 * apache2-prefork-debugsource-2.4.66-150600.5.55.1 * apache2-debugsource-2.4.66-150600.5.55.1 * apache2-worker-debuginfo-2.4.66-150600.5.55.1 * apache2-2.4.66-150600.5.55.1 * apache2-prefork-debuginfo-2.4.66-150600.5.55.1 * apache2-utils-debuginfo-2.4.66-150600.5.55.1 * openSUSE Leap 15.6 (noarch) * apache2-manual-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * apache2-manual-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * apache2-worker-2.4.66-150600.5.55.1 * apache2-utils-debugsource-2.4.66-150600.5.55.1 * apache2-debuginfo-2.4.66-150600.5.55.1 * apache2-devel-2.4.66-150600.5.55.1 * apache2-utils-2.4.66-150600.5.55.1 * apache2-worker-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-2.4.66-150600.5.55.1 * apache2-worker-debuginfo-2.4.66-150600.5.55.1 * apache2-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-debugsource-2.4.66-150600.5.55.1 * apache2-2.4.66-150600.5.55.1 * apache2-prefork-debuginfo-2.4.66-150600.5.55.1 * apache2-utils-debuginfo-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * apache2-worker-2.4.66-150600.5.55.1 * apache2-utils-debugsource-2.4.66-150600.5.55.1 * apache2-debuginfo-2.4.66-150600.5.55.1 * apache2-devel-2.4.66-150600.5.55.1 *apache2-utils-2.4.66-150600.5.55.1 * apache2-worker-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-2.4.66-150600.5.55.1 * apache2-prefork-debugsource-2.4.66-150600.5.55.1 * apache2-debugsource-2.4.66-150600.5.55.1 * apache2-worker-debuginfo-2.4.66-150600.5.55.1 * apache2-2.4.66-150600.5.55.1 * apache2-prefork-debuginfo-2.4.66-150600.5.55.1 * apache2-utils-debuginfo-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * apache2-manual-2.4.66-150600.5.55.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html * https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 * https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 . Install the important securityupdate for apache2 in openSUSE to address 13 vulnerabilities and enhance security.. SUSE Linux, apache2, security updates, openSUSE, vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Important SuSE
100

SUSE Apache2 Important Denial of Service Buffer Overflow Vuln 2026-2717-1

An update that solves 13 vulnerabilities can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2717-1 Release Date: 2026-07-01T08:05:44Z Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H AffectedProducts: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2717=1 * SUSE Linux Enterprise Server 12 SP5LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2717=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * apache2-tls13-devel-2.4.66-35.81.1 * apache2-worker-2.4.66-35.81.1 * apache2-devel-2.4.66-35.81.1 * apache2-tls13-debugsource-2.4.66-35.81.1 * apache2-tls13-example-pages-2.4.66-35.81.1 * apache2-tls13-worker-debuginfo-2.4.66-35.81.1 * apache2-debugsource-2.4.66-35.81.1 * apache2-example-pages-2.4.66-35.81.1 * apache2-tls13-debuginfo-2.4.66-35.81.1 * apache2-worker-debuginfo-2.4.66-35.81.1 * apache2-tls13-utils-2.4.66-35.81.1 * apache2-tls13-prefork-2.4.66-35.81.1 * apache2-tls13-worker-2.4.66-35.81.1 * apache2-utils-debuginfo-2.4.66-35.81.1 * apache2-tls13-2.4.66-35.81.1 * apache2-utils-2.4.66-35.81.1 * apache2-prefork-2.4.66-35.81.1 * apache2-tls13-utils-debuginfo-2.4.66-35.81.1 * apache2-debuginfo-2.4.66-35.81.1 * apache2-tls13-prefork-debuginfo-2.4.66-35.81.1 * apache2-2.4.66-35.81.1 * apache2-prefork-debuginfo-2.4.66-35.81.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * apache2-tls13-doc-2.4.66-35.81.1 * apache2-doc-2.4.66-35.81.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * apache2-tls13-devel-2.4.66-35.81.1 * apache2-devel-2.4.66-35.81.1 * apache2-worker-2.4.66-35.81.1 * apache2-tls13-debugsource-2.4.66-35.81.1 * apache2-tls13-example-pages-2.4.66-35.81.1 * apache2-tls13-worker-debuginfo-2.4.66-35.81.1 * apache2-debugsource-2.4.66-35.81.1 * apache2-example-pages-2.4.66-35.81.1 * apache2-prefork-debuginfo-2.4.66-35.81.1 * apache2-tls13-debuginfo-2.4.66-35.81.1 * apache2-worker-debuginfo-2.4.66-35.81.1 * apache2-tls13-utils-2.4.66-35.81.1 * apache2-tls13-prefork-2.4.66-35.81.1 * apache2-tls13-worker-2.4.66-35.81.1 * apache2-utils-debuginfo-2.4.66-35.81.1 * apache2-tls13-2.4.66-35.81.1 *apache2-prefork-2.4.66-35.81.1 * apache2-tls13-utils-debuginfo-2.4.66-35.81.1 * apache2-debuginfo-2.4.66-35.81.1 * apache2-tls13-prefork-debuginfo-2.4.66-35.81.1 * apache2-2.4.66-35.81.1 * apache2-utils-2.4.66-35.81.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * apache2-tls13-doc-2.4.66-35.81.1 * apache2-doc-2.4.66-35.81.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html * https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 * https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 . SUSE's important update addresses 13 security issues in apache2, ensuring improved protection for users.. apache2 security patch,SUSE update,security vulnerabilities. . Severity: Important.LinuxSecurity.com Team

Calendar%202 Jul 01, 2026 Important SuSE
202

openSUSE Apache2 Important Updates for RCE DoS Issues 2026-2686-1

An update that solves 66 vulnerabilities and contains one feature can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2686-1 Release Date: 2026-06-29T22:36:09Z Rating: important References: * bsc#1207327 * bsc#1208708 * bsc#1214357 * bsc#1263935 * bsc#1263950 * bsc#1263951 * bsc#1263952 * bsc#1263953 * bsc#1263954 * bsc#1263955 * bsc#1263956 * bsc#1263957 * bsc#1264150 * bsc#1264163 * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 * bsc#690734 * jsc#PED-16334 Cross-References: * CVE-2006-20001 * CVE-2021-44224 * CVE-2021-44790 * CVE-2022-22719 * CVE-2022-22720 * CVE-2022-22721 * CVE-2022-23943 * CVE-2022-26377 * CVE-2022-28614 * CVE-2022-28615 * CVE-2022-29404 * CVE-2022-30522 * CVE-2022-30556 * CVE-2022-31813 * CVE-2022-36760 * CVE-2022-37436 * CVE-2023-25690 * CVE-2023-27522 * CVE-2023-31122 * CVE-2023-38709 * CVE-2023-45802 * CVE-2024-24795 * CVE-2024-27316 * CVE-2024-38473 * CVE-2024-38474 * CVE-2024-38475 * CVE-2024-38476 * CVE-2024-38477 * CVE-2024-39573 * CVE-2024-39884 * CVE-2024-40725 * CVE-2024-42516 * CVE-2024-43204 * CVE-2024-47252 * CVE-2025-23048 * CVE-2025-49630 * CVE-2025-49812 * CVE-2025-53020 * CVE-2025-55753 * CVE-2025-58098 * CVE-2025-65082 * CVE-2025-66200 * CVE-2026-23918 * CVE-2026-24072 * CVE-2026-28780 * CVE-2026-29167 * CVE-2026-29168 * CVE-2026-29169 * CVE-2026-29170 * CVE-2026-33006 * CVE-2026-33007 * CVE-2026-33523 * CVE-2026-33857 * CVE-2026-34032 * CVE-2026-34059 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2006-20001 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2006-20001 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-44224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-44224 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2021-44790 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-44790 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22719 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-22719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-22720 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-22720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22721 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2022-22721 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2022-23943 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2022-23943 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-26377 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-26377 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2022-28614 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-28614 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2022-28615 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2022-28615 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2022-28615 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2022-29404 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-29404 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30522 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30556 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-30556 ( NVD ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-31813 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-31813 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-36760 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2022-36760 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2022-36760 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2022-37436 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-37436 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2022-37436 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25690 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-25690 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25690 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-27522 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-27522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-27522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38709 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-38709 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-45802 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45802 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24795 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2024-24795 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2024-27316 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27316 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27316 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38473 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-38473 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38474 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2024-38474 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38474 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38475 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2024-38475 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-38475 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-38476 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2024-38476 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38476 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38477 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38477 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38477 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39573 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2024-39573 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-39884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-39884 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-40725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-40725 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-40725 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-42516 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-42516 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N * CVE-2024-42516 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-43204 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-43204 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-43204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-47252 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-47252 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-47252 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-23048 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-23048 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-23048 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-49630 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-49630 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-49630 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-49812 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-49812 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L * CVE-2025-49812 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-53020 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-53020 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-53020 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-55753 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55753 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-55753 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-58098 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2025-65082 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N *CVE-2025-65082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-65082 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-66200 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-66200 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-66200 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2026-23918 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23918 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23918 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23918 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-24072 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-24072 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-28780 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28780 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28780 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-28780 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29168 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-29168 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29168 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29169 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-29169 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29169 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-33006 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33006 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33006 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-33007 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-33007 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33007 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33523 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N * CVE-2026-33523 ( SUSE ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-33523 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-33857 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-33857 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-33857 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34032 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34032 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34032 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34059 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34059 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 66 vulnerabilities and contains one feature can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-23918: http2: double free and possible RCE on early reset (bsc#1263957). * CVE-2026-24072: mod_rewrite elevation of privileges via ap_expr (bsc#1263935). * CVE-2026-28780: heap buffer overflow in `mod_proxy_ajp` via `ajp_msg_check_header()` (bsc#1264163). * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29168: allocation of resources without limits in `mod_md` via OCSP response (bsc#1264150). * CVE-2026-29169: NULL pointer dereference in `mod_dav_lock` allows server crash via malicious requests (bsc#1263956). *CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-33006: `mod_auth_digest` timing attack allows bypass of Digest authentication (bsc#1263955). * CVE-2026-33007: NULL pointer dereference in `mod_authn_socache` allows unauthenticated remote user to crash a child processes (bsc#1263954). * CVE-2026-33523: HTTP response splitting forwarding malicious status line (bsc#1263953). * CVE-2026-33857: off-by-one OOB reads in AJP getter functions (bsc#1263952). * CVE-2026-34032: heap buffer overread in `mod_proxy_ajp` due to missing null- termination check (bsc#1263951). * CVE-2026-34059: heap buffer overread and memory disclosure via `ajp_parse_data()` (bsc#1263950). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). Non security issue: * Update to 2.4.66 (jsc#PED-16334). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2686=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2686=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2686=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2686=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2686=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2686=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2686=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2686=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2686=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 *apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-event-debuginfo-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-event-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * apache2-example-pages-2.4.66-150400.6.57.1 * openSUSE Leap 15.4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 *apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 *apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * apache2-doc-2.4.66-150400.6.57.1 ## References: * https://www.suse.com/security/cve/CVE-2006-20001.html * https://www.suse.com/security/cve/CVE-2021-44224.html * https://www.suse.com/security/cve/CVE-2021-44790.html * https://www.suse.com/security/cve/CVE-2022-22719.html * https://www.suse.com/security/cve/CVE-2022-22720.html * https://www.suse.com/security/cve/CVE-2022-22721.html * https://www.suse.com/security/cve/CVE-2022-23943.html * https://www.suse.com/security/cve/CVE-2022-26377.html * https://www.suse.com/security/cve/CVE-2022-28614.html * https://www.suse.com/security/cve/CVE-2022-28615.html * https://www.suse.com/security/cve/CVE-2022-29404.html * https://www.suse.com/security/cve/CVE-2022-30522.html * https://www.suse.com/security/cve/CVE-2022-30556.html * https://www.suse.com/security/cve/CVE-2022-31813.html * https://www.suse.com/security/cve/CVE-2022-36760.html * https://www.suse.com/security/cve/CVE-2022-37436.html * https://www.suse.com/security/cve/CVE-2023-25690.html * https://www.suse.com/security/cve/CVE-2023-27522.html * https://www.suse.com/security/cve/CVE-2023-31122.html * https://www.suse.com/security/cve/CVE-2023-38709.html * https://www.suse.com/security/cve/CVE-2023-45802.html * https://www.suse.com/security/cve/CVE-2024-24795.html * https://www.suse.com/security/cve/CVE-2024-27316.html * https://www.suse.com/security/cve/CVE-2024-38473.html * https://www.suse.com/security/cve/CVE-2024-38474.html * https://www.suse.com/security/cve/CVE-2024-38475.html * https://www.suse.com/security/cve/CVE-2024-38476.html * https://www.suse.com/security/cve/CVE-2024-38477.html * https://www.suse.com/security/cve/CVE-2024-39573.html * https://www.suse.com/security/cve/CVE-2024-39884.html * https://www.suse.com/security/cve/CVE-2024-40725.html * https://www.suse.com/security/cve/CVE-2024-42516.html * https://www.suse.com/security/cve/CVE-2024-43204.html * https://www.suse.com/security/cve/CVE-2024-47252.html * https://www.suse.com/security/cve/CVE-2025-23048.html * https://www.suse.com/security/cve/CVE-2025-49630.html * https://www.suse.com/security/cve/CVE-2025-49812.html * https://www.suse.com/security/cve/CVE-2025-53020.html * https://www.suse.com/security/cve/CVE-2025-55753.html * https://www.suse.com/security/cve/CVE-2025-58098.html * https://www.suse.com/security/cve/CVE-2025-65082.html * https://www.suse.com/security/cve/CVE-2025-66200.html * https://www.suse.com/security/cve/CVE-2026-23918.html * https://www.suse.com/security/cve/CVE-2026-24072.html * https://www.suse.com/security/cve/CVE-2026-28780.html * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29168.html * https://www.suse.com/security/cve/CVE-2026-29169.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-33006.html * https://www.suse.com/security/cve/CVE-2026-33007.html * https://www.suse.com/security/cve/CVE-2026-33523.html * https://www.suse.com/security/cve/CVE-2026-33857.html * https://www.suse.com/security/cve/CVE-2026-34032.html *https://www.suse.com/security/cve/CVE-2026-34059.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html * https://bugzilla.suse.com/show_bug.cgi?id=1207327 * https://bugzilla.suse.com/show_bug.cgi?id=1208708 * https://bugzilla.suse.com/show_bug.cgi?id=1214357 * https://bugzilla.suse.com/show_bug.cgi?id=1263935 * https://bugzilla.suse.com/show_bug.cgi?id=1263950 * https://bugzilla.suse.com/show_bug.cgi?id=1263951 * https://bugzilla.suse.com/show_bug.cgi?id=1263952 * https://bugzilla.suse.com/show_bug.cgi?id=1263953 * https://bugzilla.suse.com/show_bug.cgi?id=1263954 * https://bugzilla.suse.com/show_bug.cgi?id=1263955 * https://bugzilla.suse.com/show_bug.cgi?id=1263956 * https://bugzilla.suse.com/show_bug.cgi?id=1263957 * https://bugzilla.suse.com/show_bug.cgi?id=1264150 * https://bugzilla.suse.com/show_bug.cgi?id=1264163 * https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 *https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 * https://bugzilla.suse.com/show_bug.cgi?id=690734 * https://jira.suse.com/browse/PED-16334 . # Security update for apache2 Announcement ID: SUSE-SU-2026:2686-1 Release Date: 2026-06-29T22:36:09. update, solves, vulnerabilities, feature, installed, security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 30, 2026 Important OpenSUSE
100

SUSE Apache2 Important Update Addresses 66 Vulnerabilities 2026-2686-1

An update that solves 66 vulnerabilities and contains one feature can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2686-1 Release Date: 2026-06-29T22:36:09Z Rating: important References: * bsc#1207327 * bsc#1208708 * bsc#1214357 * bsc#1263935 * bsc#1263950 * bsc#1263951 * bsc#1263952 * bsc#1263953 * bsc#1263954 * bsc#1263955 * bsc#1263956 * bsc#1263957 * bsc#1264150 * bsc#1264163 * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 * bsc#690734 * jsc#PED-16334 Cross-References: * CVE-2006-20001 * CVE-2021-44224 * CVE-2021-44790 * CVE-2022-22719 * CVE-2022-22720 * CVE-2022-22721 * CVE-2022-23943 * CVE-2022-26377 * CVE-2022-28614 * CVE-2022-28615 * CVE-2022-29404 * CVE-2022-30522 * CVE-2022-30556 * CVE-2022-31813 * CVE-2022-36760 * CVE-2022-37436 * CVE-2023-25690 * CVE-2023-27522 * CVE-2023-31122 * CVE-2023-38709 * CVE-2023-45802 * CVE-2024-24795 * CVE-2024-27316 * CVE-2024-38473 * CVE-2024-38474 * CVE-2024-38475 * CVE-2024-38476 * CVE-2024-38477 * CVE-2024-39573 * CVE-2024-39884 * CVE-2024-40725 * CVE-2024-42516 * CVE-2024-43204 * CVE-2024-47252 * CVE-2025-23048 * CVE-2025-49630 * CVE-2025-49812 * CVE-2025-53020 * CVE-2025-55753 * CVE-2025-58098 * CVE-2025-65082 * CVE-2025-66200 * CVE-2026-23918 * CVE-2026-24072 * CVE-2026-28780 * CVE-2026-29167 * CVE-2026-29168 * CVE-2026-29169 * CVE-2026-29170 * CVE-2026-33006 * CVE-2026-33007 * CVE-2026-33523 * CVE-2026-33857 * CVE-2026-34032 * CVE-2026-34059 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2006-20001 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2006-20001 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-44224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-44224 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2021-44790 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-44790 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22719 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-22719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-22720 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-22720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22721 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2022-22721 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2022-23943 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2022-23943 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-26377 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-26377 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2022-28614 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-28614 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2022-28615 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2022-28615 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2022-28615 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2022-29404 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-29404 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30522 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30556 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-30556 ( NVD ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-31813 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-31813 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-36760 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2022-36760 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2022-36760 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2022-37436 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-37436 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2022-37436 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25690 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-25690 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25690 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-27522 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-27522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-27522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38709 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-38709 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-45802 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45802 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24795 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2024-24795 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2024-27316 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27316 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27316 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38473 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-38473 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38474 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2024-38474 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38474 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38475 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2024-38475 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-38475 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-38476 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2024-38476 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38476 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38477 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38477 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38477 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39573 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2024-39573 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-39884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-39884 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-40725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-40725 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-40725 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-42516 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-42516 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N * CVE-2024-42516 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-43204 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-43204 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-43204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-47252 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-47252 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-47252 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-23048 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-23048 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-23048 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-49630 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-49630 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-49630 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-49812 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-49812 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L * CVE-2025-49812 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-53020 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-53020 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-53020 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-55753 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55753 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-55753 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-58098 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2025-65082 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N *CVE-2025-65082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-65082 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-66200 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-66200 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-66200 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2026-23918 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23918 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23918 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23918 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-24072 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-24072 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-28780 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28780 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28780 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-28780 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29168 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-29168 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29168 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29169 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-29169 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29169 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-33006 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33006 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33006 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-33007 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-33007 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33007 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33523 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N * CVE-2026-33523 ( SUSE ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-33523 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-33857 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-33857 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-33857 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34032 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34032 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34032 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34059 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34059 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 66 vulnerabilities and contains one feature can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-23918: http2: double free and possible RCE on early reset (bsc#1263957). * CVE-2026-24072: mod_rewrite elevation of privileges via ap_expr (bsc#1263935). * CVE-2026-28780: heap buffer overflow in `mod_proxy_ajp` via `ajp_msg_check_header()` (bsc#1264163). * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29168: allocation of resources without limits in `mod_md` via OCSP response (bsc#1264150). * CVE-2026-29169: NULL pointer dereference in `mod_dav_lock` allows server crash via malicious requests (bsc#1263956). *CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-33006: `mod_auth_digest` timing attack allows bypass of Digest authentication (bsc#1263955). * CVE-2026-33007: NULL pointer dereference in `mod_authn_socache` allows unauthenticated remote user to crash a child processes (bsc#1263954). * CVE-2026-33523: HTTP response splitting forwarding malicious status line (bsc#1263953). * CVE-2026-33857: off-by-one OOB reads in AJP getter functions (bsc#1263952). * CVE-2026-34032: heap buffer overread in `mod_proxy_ajp` due to missing null- termination check (bsc#1263951). * CVE-2026-34059: heap buffer overread and memory disclosure via `ajp_parse_data()` (bsc#1263950). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). Non security issue: * Update to 2.4.66 (jsc#PED-16334). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2686=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2686=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2686=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2686=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2686=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2686=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2686=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2686=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2686=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 *apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-event-debuginfo-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-event-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * apache2-example-pages-2.4.66-150400.6.57.1 * openSUSE Leap 15.4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 *apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 *apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * apache2-doc-2.4.66-150400.6.57.1 ## References: * https://www.suse.com/security/cve/CVE-2006-20001.html * https://www.suse.com/security/cve/CVE-2021-44224.html * https://www.suse.com/security/cve/CVE-2021-44790.html * https://www.suse.com/security/cve/CVE-2022-22719.html * https://www.suse.com/security/cve/CVE-2022-22720.html * https://www.suse.com/security/cve/CVE-2022-22721.html * https://www.suse.com/security/cve/CVE-2022-23943.html * https://www.suse.com/security/cve/CVE-2022-26377.html * https://www.suse.com/security/cve/CVE-2022-28614.html * https://www.suse.com/security/cve/CVE-2022-28615.html * https://www.suse.com/security/cve/CVE-2022-29404.html * https://www.suse.com/security/cve/CVE-2022-30522.html * https://www.suse.com/security/cve/CVE-2022-30556.html * https://www.suse.com/security/cve/CVE-2022-31813.html * https://www.suse.com/security/cve/CVE-2022-36760.html * https://www.suse.com/security/cve/CVE-2022-37436.html * https://www.suse.com/security/cve/CVE-2023-25690.html * https://www.suse.com/security/cve/CVE-2023-27522.html * https://www.suse.com/security/cve/CVE-2023-31122.html * https://www.suse.com/security/cve/CVE-2023-38709.html * https://www.suse.com/security/cve/CVE-2023-45802.html * https://www.suse.com/security/cve/CVE-2024-24795.html * https://www.suse.com/security/cve/CVE-2024-27316.html * https://www.suse.com/security/cve/CVE-2024-38473.html * https://www.suse.com/security/cve/CVE-2024-38474.html * https://www.suse.com/security/cve/CVE-2024-38475.html * https://www.suse.com/security/cve/CVE-2024-38476.html * https://www.suse.com/security/cve/CVE-2024-38477.html * https://www.suse.com/security/cve/CVE-2024-39573.html * https://www.suse.com/security/cve/CVE-2024-39884.html * https://www.suse.com/security/cve/CVE-2024-40725.html * https://www.suse.com/security/cve/CVE-2024-42516.html * https://www.suse.com/security/cve/CVE-2024-43204.html * https://www.suse.com/security/cve/CVE-2024-47252.html * https://www.suse.com/security/cve/CVE-2025-23048.html * https://www.suse.com/security/cve/CVE-2025-49630.html * https://www.suse.com/security/cve/CVE-2025-49812.html * https://www.suse.com/security/cve/CVE-2025-53020.html * https://www.suse.com/security/cve/CVE-2025-55753.html * https://www.suse.com/security/cve/CVE-2025-58098.html * https://www.suse.com/security/cve/CVE-2025-65082.html * https://www.suse.com/security/cve/CVE-2025-66200.html * https://www.suse.com/security/cve/CVE-2026-23918.html * https://www.suse.com/security/cve/CVE-2026-24072.html * https://www.suse.com/security/cve/CVE-2026-28780.html * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29168.html * https://www.suse.com/security/cve/CVE-2026-29169.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-33006.html * https://www.suse.com/security/cve/CVE-2026-33007.html * https://www.suse.com/security/cve/CVE-2026-33523.html * https://www.suse.com/security/cve/CVE-2026-33857.html * https://www.suse.com/security/cve/CVE-2026-34032.html *https://www.suse.com/security/cve/CVE-2026-34059.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html * https://bugzilla.suse.com/show_bug.cgi?id=1207327 * https://bugzilla.suse.com/show_bug.cgi?id=1208708 * https://bugzilla.suse.com/show_bug.cgi?id=1214357 * https://bugzilla.suse.com/show_bug.cgi?id=1263935 * https://bugzilla.suse.com/show_bug.cgi?id=1263950 * https://bugzilla.suse.com/show_bug.cgi?id=1263951 * https://bugzilla.suse.com/show_bug.cgi?id=1263952 * https://bugzilla.suse.com/show_bug.cgi?id=1263953 * https://bugzilla.suse.com/show_bug.cgi?id=1263954 * https://bugzilla.suse.com/show_bug.cgi?id=1263955 * https://bugzilla.suse.com/show_bug.cgi?id=1263956 * https://bugzilla.suse.com/show_bug.cgi?id=1263957 * https://bugzilla.suse.com/show_bug.cgi?id=1264150 * https://bugzilla.suse.com/show_bug.cgi?id=1264163 * https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 *https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 * https://bugzilla.suse.com/show_bug.cgi?id=690734 * https://jira.suse.com/browse/PED-16334 . Security update for apache2 addresses 66 vulnerabilities. Prompt installation is recommended to enhance system security.. SUSE Apache Security Update Important Vulnerability Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 30, 2026 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200