Explore top 10 tips to secure your open-source projects now. Read More
×Several security issues were fixed in Apache HTTP Server.. ========================================================================== Ubuntu Security Notice USN-8516-1 July 08, 2026 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Apache HTTP Server. Software Description: - apache2: Apache HTTP server Details: It was discovered that Apache HTTP Server's mod_ldap module incorrectly handled memory when processing per-directory configurations. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-29167) It was discovered that Apache HTTP Server's mod_proxy_ftp module incorrectly handled HTML generation for FTP directory listings. A remote attacker could possibly use this issue to inject arbitrary web script or HTML. (CVE-2026-29170) It was discovered that Apache HTTP Server's mod_proxy_html module incorrectly handled certain content from an untrusted backend. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-34355) It was discovered that Apache HTTP Server incorrectly handled ProxyPassReverseCookie directives with a malicious backend server. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-34356) It was discovered that Apache HTTP Server's mod_dav_fs module incorrectly handled certain path operations. An authenticated user could possibly use this issue to manipulate trusted WebDAV property databases or cause a denial of service. (CVE-2026-42535) It was discovered that Apache HTTP Server's mod_xml2enc module incorrectly handled certain content from an untrusted backend. A remote attacker could possibly use this issue to cause ApacheHTTP Server to crash, resulting in a denial of service. (CVE-2026-42536) It was discovered that Apache HTTP Server incorrectly handled response headers when multiple content languages were configured. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-43951) It was discovered that Apache HTTP Server incorrectly restricted certain file functions in expressions within .htaccess files. A local attacker with .htaccess write access could possibly use this issue to obtain sensitive information. (CVE-2026-44119) It was discovered that Apache HTTP Server's mod_ssl module incorrectly handled OCSP responses from an attacker-controlled server. A remote attacker could possibly use this issue to obtain sensitive information or cause a denial of service. (CVE-2026-44185) It was discovered that Apache HTTP Server's mod_proxy_ftp module incorrectly handled responses from an attacker-controlled backend FTP server. A remote attacker could possibly use this issue to cause Apache HTTP Server to stop responding, resulting in a denial of service. (CVE-2026-44186) It was discovered that Apache HTTP Server incorrectly handled crafted regular expressions in the server configuration. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2026-44631) It was discovered that Apache HTTP Server's mod_http2 module had a use-after-free vulnerability when file handles were exhausted. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-48913) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS apache2 2.4.66-2ubuntu2.4 Ubuntu 24.04 LTS apache2 2.4.58-1ubuntu8.15 Ubuntu 22.04 LTS apache2 2.4.52-1ubuntu4.23 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8516-1 CVE-2026-29167, CVE-2026-29170, CVE-2026-34355, CVE-2026-34356, CVE-2026-42535, CVE-2026-42536, CVE-2026-43951, CVE-2026-44119, CVE-2026-44185, CVE-2026-44186, CVE-2026-44631, CVE-2026-48913 Package Information: https://launchpad.net/ubuntu/+source/apache2/2.4.66-2ubuntu2.4 https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.15 https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.23 . Numerous security issues in Apache HTTP Server require updates in Ubuntu LTS for protection against potential threats.. Apache HTTP Server vulnerabilities, Ubuntu security fix, Denial of service, Remote attacker risks. . Severity: Critical. LinuxSecurity.com Team
An update that solves 13 vulnerabilities and has 13 bug fixes can now be installed.. openSUSE security update: security update for apache2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21235-1 Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( SUSE ): 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 13 vulnerabilities and has 13 bug fixes can now be installed. Description: This update for apache2 fixes the following issues - CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). - CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). - CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). - CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). - CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). - CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). - CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). - CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). - CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). - CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). - CVE-2026-48913: file handleexhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). - CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1149=1 Package List: - openSUSE Leap 16.0: apache2-2.4.66-160000.3.1 apache2-devel-2.4.66-160000.3.1 apache2-event-2.4.66-160000.3.1 apache2-manual-2.4.66-160000.3.1 apache2-prefork-2.4.66-160000.3.1 apache2-utils-2.4.66-160000.3.1 apache2-worker-2.4.66-160000.3.1 References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html . This openSUSE security update addresses 13 important vulnerabilities in apache2, enhancing system protection.. openSUSE security update, apache2 vulnerabilities, important security fix, buffer overflow issue, apache2 patch. . Severity: Important. LinuxSecurity.com Team
An update that solves 13 vulnerabilities can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2759-1 Release Date: 2026-07-06T02:04:25Z Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H AffectedProducts: * Basesystem Module 15-SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2759=1 * Basesystem Module15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2759=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-2759=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-prefork-2.4.66-150700.4.23.1 * apache2-debuginfo-2.4.66-150700.4.23.1 * apache2-prefork-debuginfo-2.4.66-150700.4.23.1 * apache2-prefork-debugsource-2.4.66-150700.4.23.1 * apache2-2.4.66-150700.4.23.1 * apache2-debugsource-2.4.66-150700.4.23.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-utils-debuginfo-2.4.66-150700.4.23.1 * apache2-worker-debuginfo-2.4.66-150700.4.23.1 * apache2-worker-2.4.66-150700.4.23.1 * apache2-worker-debugsource-2.4.66-150700.4.23.1 * apache2-devel-2.4.66-150700.4.23.1 * apache2-utils-2.4.66-150700.4.23.1 * apache2-utils-debugsource-2.4.66-150700.4.23.1 * Server Applications Module 15-SP7 (noarch) * apache2-manual-2.4.66-150700.4.23.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-event-debugsource-2.4.66-150700.4.23.1 * apache2-event-2.4.66-150700.4.23.1 * apache2-event-debuginfo-2.4.66-150700.4.23.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html *https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 * https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 . This SUSE security update addresses 13 important vulnerabilities in Apache2, enhancing system protection and integrity.. SUSE security Apache2 vulnerabilities update. . Severity: Important. LinuxSecurity.com Team
An update that solves 13 vulnerabilities can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2735-1 Release Date: 2026-07-02T22:36:37Z Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H AffectedProducts: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2735=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2735=1 *openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2735=1 ## Package List: * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * apache2-worker-2.4.66-150600.5.55.1 * apache2-event-debugsource-2.4.66-150600.5.55.1 * apache2-utils-debugsource-2.4.66-150600.5.55.1 * apache2-event-debuginfo-2.4.66-150600.5.55.1 * apache2-debuginfo-2.4.66-150600.5.55.1 * apache2-devel-2.4.66-150600.5.55.1 * apache2-utils-2.4.66-150600.5.55.1 * apache2-worker-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-2.4.66-150600.5.55.1 * apache2-event-2.4.66-150600.5.55.1 * apache2-prefork-debugsource-2.4.66-150600.5.55.1 * apache2-debugsource-2.4.66-150600.5.55.1 * apache2-worker-debuginfo-2.4.66-150600.5.55.1 * apache2-2.4.66-150600.5.55.1 * apache2-prefork-debuginfo-2.4.66-150600.5.55.1 * apache2-utils-debuginfo-2.4.66-150600.5.55.1 * openSUSE Leap 15.6 (noarch) * apache2-manual-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * apache2-manual-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * apache2-worker-2.4.66-150600.5.55.1 * apache2-utils-debugsource-2.4.66-150600.5.55.1 * apache2-debuginfo-2.4.66-150600.5.55.1 * apache2-devel-2.4.66-150600.5.55.1 * apache2-utils-2.4.66-150600.5.55.1 * apache2-worker-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-2.4.66-150600.5.55.1 * apache2-worker-debuginfo-2.4.66-150600.5.55.1 * apache2-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-debugsource-2.4.66-150600.5.55.1 * apache2-2.4.66-150600.5.55.1 * apache2-prefork-debuginfo-2.4.66-150600.5.55.1 * apache2-utils-debuginfo-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * apache2-worker-2.4.66-150600.5.55.1 * apache2-utils-debugsource-2.4.66-150600.5.55.1 * apache2-debuginfo-2.4.66-150600.5.55.1 * apache2-devel-2.4.66-150600.5.55.1 *apache2-utils-2.4.66-150600.5.55.1 * apache2-worker-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-2.4.66-150600.5.55.1 * apache2-prefork-debugsource-2.4.66-150600.5.55.1 * apache2-debugsource-2.4.66-150600.5.55.1 * apache2-worker-debuginfo-2.4.66-150600.5.55.1 * apache2-2.4.66-150600.5.55.1 * apache2-prefork-debuginfo-2.4.66-150600.5.55.1 * apache2-utils-debuginfo-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * apache2-manual-2.4.66-150600.5.55.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html * https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 * https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 . This update addresses 13important vulnerabilities in Apache2, enhancing security for openSUSE users.. SUSE Apache2 Update, Important Vulnerabilities Patch, Security Advisory OpenSUSE. . Severity: Important. LinuxSecurity.com Team
An update that solves 13 vulnerabilities can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2735-1 Release Date: 2026-07-02T22:36:37Z Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H AffectedProducts: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2735=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2735=1 *openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2735=1 ## Package List: * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * apache2-worker-2.4.66-150600.5.55.1 * apache2-event-debugsource-2.4.66-150600.5.55.1 * apache2-utils-debugsource-2.4.66-150600.5.55.1 * apache2-event-debuginfo-2.4.66-150600.5.55.1 * apache2-debuginfo-2.4.66-150600.5.55.1 * apache2-devel-2.4.66-150600.5.55.1 * apache2-utils-2.4.66-150600.5.55.1 * apache2-worker-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-2.4.66-150600.5.55.1 * apache2-event-2.4.66-150600.5.55.1 * apache2-prefork-debugsource-2.4.66-150600.5.55.1 * apache2-debugsource-2.4.66-150600.5.55.1 * apache2-worker-debuginfo-2.4.66-150600.5.55.1 * apache2-2.4.66-150600.5.55.1 * apache2-prefork-debuginfo-2.4.66-150600.5.55.1 * apache2-utils-debuginfo-2.4.66-150600.5.55.1 * openSUSE Leap 15.6 (noarch) * apache2-manual-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * apache2-manual-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * apache2-worker-2.4.66-150600.5.55.1 * apache2-utils-debugsource-2.4.66-150600.5.55.1 * apache2-debuginfo-2.4.66-150600.5.55.1 * apache2-devel-2.4.66-150600.5.55.1 * apache2-utils-2.4.66-150600.5.55.1 * apache2-worker-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-2.4.66-150600.5.55.1 * apache2-worker-debuginfo-2.4.66-150600.5.55.1 * apache2-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-debugsource-2.4.66-150600.5.55.1 * apache2-2.4.66-150600.5.55.1 * apache2-prefork-debuginfo-2.4.66-150600.5.55.1 * apache2-utils-debuginfo-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * apache2-worker-2.4.66-150600.5.55.1 * apache2-utils-debugsource-2.4.66-150600.5.55.1 * apache2-debuginfo-2.4.66-150600.5.55.1 * apache2-devel-2.4.66-150600.5.55.1 *apache2-utils-2.4.66-150600.5.55.1 * apache2-worker-debugsource-2.4.66-150600.5.55.1 * apache2-prefork-2.4.66-150600.5.55.1 * apache2-prefork-debugsource-2.4.66-150600.5.55.1 * apache2-debugsource-2.4.66-150600.5.55.1 * apache2-worker-debuginfo-2.4.66-150600.5.55.1 * apache2-2.4.66-150600.5.55.1 * apache2-prefork-debuginfo-2.4.66-150600.5.55.1 * apache2-utils-debuginfo-2.4.66-150600.5.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * apache2-manual-2.4.66-150600.5.55.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html * https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 * https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 . Install the important securityupdate for apache2 in openSUSE to address 13 vulnerabilities and enhance security.. SUSE Linux, apache2, security updates, openSUSE, vulnerabilities. . Severity: Important. LinuxSecurity.com Team
An update that solves 13 vulnerabilities can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2717-1 Release Date: 2026-07-01T08:05:44Z Rating: important References: * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 Cross-References: * CVE-2026-29167 * CVE-2026-29170 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H AffectedProducts: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 13 vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2717=1 * SUSE Linux Enterprise Server 12 SP5LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2717=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * apache2-tls13-devel-2.4.66-35.81.1 * apache2-worker-2.4.66-35.81.1 * apache2-devel-2.4.66-35.81.1 * apache2-tls13-debugsource-2.4.66-35.81.1 * apache2-tls13-example-pages-2.4.66-35.81.1 * apache2-tls13-worker-debuginfo-2.4.66-35.81.1 * apache2-debugsource-2.4.66-35.81.1 * apache2-example-pages-2.4.66-35.81.1 * apache2-tls13-debuginfo-2.4.66-35.81.1 * apache2-worker-debuginfo-2.4.66-35.81.1 * apache2-tls13-utils-2.4.66-35.81.1 * apache2-tls13-prefork-2.4.66-35.81.1 * apache2-tls13-worker-2.4.66-35.81.1 * apache2-utils-debuginfo-2.4.66-35.81.1 * apache2-tls13-2.4.66-35.81.1 * apache2-utils-2.4.66-35.81.1 * apache2-prefork-2.4.66-35.81.1 * apache2-tls13-utils-debuginfo-2.4.66-35.81.1 * apache2-debuginfo-2.4.66-35.81.1 * apache2-tls13-prefork-debuginfo-2.4.66-35.81.1 * apache2-2.4.66-35.81.1 * apache2-prefork-debuginfo-2.4.66-35.81.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * apache2-tls13-doc-2.4.66-35.81.1 * apache2-doc-2.4.66-35.81.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * apache2-tls13-devel-2.4.66-35.81.1 * apache2-devel-2.4.66-35.81.1 * apache2-worker-2.4.66-35.81.1 * apache2-tls13-debugsource-2.4.66-35.81.1 * apache2-tls13-example-pages-2.4.66-35.81.1 * apache2-tls13-worker-debuginfo-2.4.66-35.81.1 * apache2-debugsource-2.4.66-35.81.1 * apache2-example-pages-2.4.66-35.81.1 * apache2-prefork-debuginfo-2.4.66-35.81.1 * apache2-tls13-debuginfo-2.4.66-35.81.1 * apache2-worker-debuginfo-2.4.66-35.81.1 * apache2-tls13-utils-2.4.66-35.81.1 * apache2-tls13-prefork-2.4.66-35.81.1 * apache2-tls13-worker-2.4.66-35.81.1 * apache2-utils-debuginfo-2.4.66-35.81.1 * apache2-tls13-2.4.66-35.81.1 *apache2-prefork-2.4.66-35.81.1 * apache2-tls13-utils-debuginfo-2.4.66-35.81.1 * apache2-debuginfo-2.4.66-35.81.1 * apache2-tls13-prefork-debuginfo-2.4.66-35.81.1 * apache2-2.4.66-35.81.1 * apache2-utils-2.4.66-35.81.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * apache2-tls13-doc-2.4.66-35.81.1 * apache2-doc-2.4.66-35.81.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html * https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 * https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 . SUSE's important update addresses 13 security issues in apache2, ensuring improved protection for users.. apache2 security patch,SUSE update,security vulnerabilities. . Severity: Important.LinuxSecurity.com Team
An update that solves 66 vulnerabilities and contains one feature can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2686-1 Release Date: 2026-06-29T22:36:09Z Rating: important References: * bsc#1207327 * bsc#1208708 * bsc#1214357 * bsc#1263935 * bsc#1263950 * bsc#1263951 * bsc#1263952 * bsc#1263953 * bsc#1263954 * bsc#1263955 * bsc#1263956 * bsc#1263957 * bsc#1264150 * bsc#1264163 * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 * bsc#690734 * jsc#PED-16334 Cross-References: * CVE-2006-20001 * CVE-2021-44224 * CVE-2021-44790 * CVE-2022-22719 * CVE-2022-22720 * CVE-2022-22721 * CVE-2022-23943 * CVE-2022-26377 * CVE-2022-28614 * CVE-2022-28615 * CVE-2022-29404 * CVE-2022-30522 * CVE-2022-30556 * CVE-2022-31813 * CVE-2022-36760 * CVE-2022-37436 * CVE-2023-25690 * CVE-2023-27522 * CVE-2023-31122 * CVE-2023-38709 * CVE-2023-45802 * CVE-2024-24795 * CVE-2024-27316 * CVE-2024-38473 * CVE-2024-38474 * CVE-2024-38475 * CVE-2024-38476 * CVE-2024-38477 * CVE-2024-39573 * CVE-2024-39884 * CVE-2024-40725 * CVE-2024-42516 * CVE-2024-43204 * CVE-2024-47252 * CVE-2025-23048 * CVE-2025-49630 * CVE-2025-49812 * CVE-2025-53020 * CVE-2025-55753 * CVE-2025-58098 * CVE-2025-65082 * CVE-2025-66200 * CVE-2026-23918 * CVE-2026-24072 * CVE-2026-28780 * CVE-2026-29167 * CVE-2026-29168 * CVE-2026-29169 * CVE-2026-29170 * CVE-2026-33006 * CVE-2026-33007 * CVE-2026-33523 * CVE-2026-33857 * CVE-2026-34032 * CVE-2026-34059 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2006-20001 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2006-20001 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-44224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-44224 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2021-44790 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-44790 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22719 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-22719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-22720 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-22720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22721 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2022-22721 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2022-23943 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2022-23943 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-26377 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-26377 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2022-28614 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-28614 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2022-28615 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2022-28615 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2022-28615 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2022-29404 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-29404 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30522 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30556 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-30556 ( NVD ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-31813 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-31813 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-36760 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2022-36760 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2022-36760 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2022-37436 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-37436 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2022-37436 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25690 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-25690 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25690 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-27522 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-27522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-27522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38709 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-38709 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-45802 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45802 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24795 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2024-24795 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2024-27316 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27316 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27316 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38473 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-38473 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38474 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2024-38474 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38474 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38475 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2024-38475 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-38475 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-38476 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2024-38476 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38476 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38477 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38477 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38477 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39573 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2024-39573 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-39884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-39884 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-40725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-40725 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-40725 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-42516 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-42516 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N * CVE-2024-42516 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-43204 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-43204 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-43204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-47252 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-47252 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-47252 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-23048 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-23048 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-23048 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-49630 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-49630 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-49630 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-49812 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-49812 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L * CVE-2025-49812 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-53020 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-53020 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-53020 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-55753 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55753 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-55753 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-58098 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2025-65082 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N *CVE-2025-65082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-65082 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-66200 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-66200 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-66200 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2026-23918 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23918 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23918 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23918 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-24072 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-24072 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-28780 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28780 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28780 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-28780 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29168 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-29168 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29168 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29169 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-29169 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29169 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-33006 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33006 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33006 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-33007 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-33007 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33007 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33523 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N * CVE-2026-33523 ( SUSE ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-33523 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-33857 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-33857 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-33857 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34032 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34032 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34032 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34059 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34059 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 66 vulnerabilities and contains one feature can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-23918: http2: double free and possible RCE on early reset (bsc#1263957). * CVE-2026-24072: mod_rewrite elevation of privileges via ap_expr (bsc#1263935). * CVE-2026-28780: heap buffer overflow in `mod_proxy_ajp` via `ajp_msg_check_header()` (bsc#1264163). * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29168: allocation of resources without limits in `mod_md` via OCSP response (bsc#1264150). * CVE-2026-29169: NULL pointer dereference in `mod_dav_lock` allows server crash via malicious requests (bsc#1263956). *CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-33006: `mod_auth_digest` timing attack allows bypass of Digest authentication (bsc#1263955). * CVE-2026-33007: NULL pointer dereference in `mod_authn_socache` allows unauthenticated remote user to crash a child processes (bsc#1263954). * CVE-2026-33523: HTTP response splitting forwarding malicious status line (bsc#1263953). * CVE-2026-33857: off-by-one OOB reads in AJP getter functions (bsc#1263952). * CVE-2026-34032: heap buffer overread in `mod_proxy_ajp` due to missing null- termination check (bsc#1263951). * CVE-2026-34059: heap buffer overread and memory disclosure via `ajp_parse_data()` (bsc#1263950). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). Non security issue: * Update to 2.4.66 (jsc#PED-16334). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2686=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2686=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2686=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2686=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2686=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2686=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2686=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2686=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2686=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 *apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-event-debuginfo-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-event-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * apache2-example-pages-2.4.66-150400.6.57.1 * openSUSE Leap 15.4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 *apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 *apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * apache2-doc-2.4.66-150400.6.57.1 ## References: * https://www.suse.com/security/cve/CVE-2006-20001.html * https://www.suse.com/security/cve/CVE-2021-44224.html * https://www.suse.com/security/cve/CVE-2021-44790.html * https://www.suse.com/security/cve/CVE-2022-22719.html * https://www.suse.com/security/cve/CVE-2022-22720.html * https://www.suse.com/security/cve/CVE-2022-22721.html * https://www.suse.com/security/cve/CVE-2022-23943.html * https://www.suse.com/security/cve/CVE-2022-26377.html * https://www.suse.com/security/cve/CVE-2022-28614.html * https://www.suse.com/security/cve/CVE-2022-28615.html * https://www.suse.com/security/cve/CVE-2022-29404.html * https://www.suse.com/security/cve/CVE-2022-30522.html * https://www.suse.com/security/cve/CVE-2022-30556.html * https://www.suse.com/security/cve/CVE-2022-31813.html * https://www.suse.com/security/cve/CVE-2022-36760.html * https://www.suse.com/security/cve/CVE-2022-37436.html * https://www.suse.com/security/cve/CVE-2023-25690.html * https://www.suse.com/security/cve/CVE-2023-27522.html * https://www.suse.com/security/cve/CVE-2023-31122.html * https://www.suse.com/security/cve/CVE-2023-38709.html * https://www.suse.com/security/cve/CVE-2023-45802.html * https://www.suse.com/security/cve/CVE-2024-24795.html * https://www.suse.com/security/cve/CVE-2024-27316.html * https://www.suse.com/security/cve/CVE-2024-38473.html * https://www.suse.com/security/cve/CVE-2024-38474.html * https://www.suse.com/security/cve/CVE-2024-38475.html * https://www.suse.com/security/cve/CVE-2024-38476.html * https://www.suse.com/security/cve/CVE-2024-38477.html * https://www.suse.com/security/cve/CVE-2024-39573.html * https://www.suse.com/security/cve/CVE-2024-39884.html * https://www.suse.com/security/cve/CVE-2024-40725.html * https://www.suse.com/security/cve/CVE-2024-42516.html * https://www.suse.com/security/cve/CVE-2024-43204.html * https://www.suse.com/security/cve/CVE-2024-47252.html * https://www.suse.com/security/cve/CVE-2025-23048.html * https://www.suse.com/security/cve/CVE-2025-49630.html * https://www.suse.com/security/cve/CVE-2025-49812.html * https://www.suse.com/security/cve/CVE-2025-53020.html * https://www.suse.com/security/cve/CVE-2025-55753.html * https://www.suse.com/security/cve/CVE-2025-58098.html * https://www.suse.com/security/cve/CVE-2025-65082.html * https://www.suse.com/security/cve/CVE-2025-66200.html * https://www.suse.com/security/cve/CVE-2026-23918.html * https://www.suse.com/security/cve/CVE-2026-24072.html * https://www.suse.com/security/cve/CVE-2026-28780.html * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29168.html * https://www.suse.com/security/cve/CVE-2026-29169.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-33006.html * https://www.suse.com/security/cve/CVE-2026-33007.html * https://www.suse.com/security/cve/CVE-2026-33523.html * https://www.suse.com/security/cve/CVE-2026-33857.html * https://www.suse.com/security/cve/CVE-2026-34032.html *https://www.suse.com/security/cve/CVE-2026-34059.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html * https://bugzilla.suse.com/show_bug.cgi?id=1207327 * https://bugzilla.suse.com/show_bug.cgi?id=1208708 * https://bugzilla.suse.com/show_bug.cgi?id=1214357 * https://bugzilla.suse.com/show_bug.cgi?id=1263935 * https://bugzilla.suse.com/show_bug.cgi?id=1263950 * https://bugzilla.suse.com/show_bug.cgi?id=1263951 * https://bugzilla.suse.com/show_bug.cgi?id=1263952 * https://bugzilla.suse.com/show_bug.cgi?id=1263953 * https://bugzilla.suse.com/show_bug.cgi?id=1263954 * https://bugzilla.suse.com/show_bug.cgi?id=1263955 * https://bugzilla.suse.com/show_bug.cgi?id=1263956 * https://bugzilla.suse.com/show_bug.cgi?id=1263957 * https://bugzilla.suse.com/show_bug.cgi?id=1264150 * https://bugzilla.suse.com/show_bug.cgi?id=1264163 * https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 *https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 * https://bugzilla.suse.com/show_bug.cgi?id=690734 * https://jira.suse.com/browse/PED-16334 . # Security update for apache2 Announcement ID: SUSE-SU-2026:2686-1 Release Date: 2026-06-29T22:36:09. update, solves, vulnerabilities, feature, installed, security. . Severity: Important. LinuxSecurity.com Team
An update that solves 66 vulnerabilities and contains one feature can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:2686-1 Release Date: 2026-06-29T22:36:09Z Rating: important References: * bsc#1207327 * bsc#1208708 * bsc#1214357 * bsc#1263935 * bsc#1263950 * bsc#1263951 * bsc#1263952 * bsc#1263953 * bsc#1263954 * bsc#1263955 * bsc#1263956 * bsc#1263957 * bsc#1264150 * bsc#1264163 * bsc#1267503 * bsc#1267955 * bsc#1267956 * bsc#1267962 * bsc#1267963 * bsc#1267965 * bsc#1267969 * bsc#1267970 * bsc#1267971 * bsc#1267972 * bsc#1267976 * bsc#1267977 * bsc#1267978 * bsc#690734 * jsc#PED-16334 Cross-References: * CVE-2006-20001 * CVE-2021-44224 * CVE-2021-44790 * CVE-2022-22719 * CVE-2022-22720 * CVE-2022-22721 * CVE-2022-23943 * CVE-2022-26377 * CVE-2022-28614 * CVE-2022-28615 * CVE-2022-29404 * CVE-2022-30522 * CVE-2022-30556 * CVE-2022-31813 * CVE-2022-36760 * CVE-2022-37436 * CVE-2023-25690 * CVE-2023-27522 * CVE-2023-31122 * CVE-2023-38709 * CVE-2023-45802 * CVE-2024-24795 * CVE-2024-27316 * CVE-2024-38473 * CVE-2024-38474 * CVE-2024-38475 * CVE-2024-38476 * CVE-2024-38477 * CVE-2024-39573 * CVE-2024-39884 * CVE-2024-40725 * CVE-2024-42516 * CVE-2024-43204 * CVE-2024-47252 * CVE-2025-23048 * CVE-2025-49630 * CVE-2025-49812 * CVE-2025-53020 * CVE-2025-55753 * CVE-2025-58098 * CVE-2025-65082 * CVE-2025-66200 * CVE-2026-23918 * CVE-2026-24072 * CVE-2026-28780 * CVE-2026-29167 * CVE-2026-29168 * CVE-2026-29169 * CVE-2026-29170 * CVE-2026-33006 * CVE-2026-33007 * CVE-2026-33523 * CVE-2026-33857 * CVE-2026-34032 * CVE-2026-34059 * CVE-2026-34355 * CVE-2026-34356 * CVE-2026-42535 * CVE-2026-42536 * CVE-2026-43951 * CVE-2026-44119 * CVE-2026-44185 * CVE-2026-44186 * CVE-2026-44631 * CVE-2026-48913 * CVE-2026-49975 CVSS scores: * CVE-2006-20001 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2006-20001 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-44224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-44224 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2021-44790 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-44790 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22719 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-22719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-22720 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-22720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-22721 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2022-22721 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2022-23943 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2022-23943 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-26377 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-26377 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2022-28614 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-28614 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2022-28615 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2022-28615 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2022-28615 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2022-29404 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-29404 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30522 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-30556 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-30556 ( NVD ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-31813 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-31813 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-36760 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2022-36760 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2022-36760 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2022-37436 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-37436 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2022-37436 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25690 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-25690 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25690 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-27522 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-27522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-27522 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-38709 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-38709 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-45802 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45802 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24795 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2024-24795 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2024-27316 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27316 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27316 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38473 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-38473 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38474 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2024-38474 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38474 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-38475 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2024-38475 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-38475 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-38476 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2024-38476 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38476 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-38477 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38477 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38477 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39573 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2024-39573 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-39884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-39884 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-40725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-40725 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-40725 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-42516 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-42516 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N * CVE-2024-42516 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-43204 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-43204 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-43204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-47252 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-47252 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-47252 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-23048 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-23048 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-23048 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-49630 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-49630 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-49630 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-49812 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-49812 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L * CVE-2025-49812 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-53020 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-53020 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-53020 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-55753 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55753 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-55753 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-58098 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2025-65082 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N *CVE-2025-65082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-65082 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-66200 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-66200 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-66200 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2026-23918 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23918 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23918 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23918 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-24072 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-24072 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-28780 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28780 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28780 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-28780 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29168 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-29168 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29168 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-29169 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-29169 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29169 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-29170 ( NVD ): 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-33006 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33006 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33006 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-33007 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-33007 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33007 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33523 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N * CVE-2026-33523 ( SUSE ): 8.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2026-33523 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-33857 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-33857 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-33857 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34032 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34032 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34032 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-34059 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34059 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34356 ( NVD ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42535 ( SUSE ): 7.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 66 vulnerabilities and contains one feature can now be installed. ## Description: This update for apache2 fixes the following issues * CVE-2026-23918: http2: double free and possible RCE on early reset (bsc#1263957). * CVE-2026-24072: mod_rewrite elevation of privileges via ap_expr (bsc#1263935). * CVE-2026-28780: heap buffer overflow in `mod_proxy_ajp` via `ajp_msg_check_header()` (bsc#1264163). * CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976). * CVE-2026-29168: allocation of resources without limits in `mod_md` via OCSP response (bsc#1264150). * CVE-2026-29169: NULL pointer dereference in `mod_dav_lock` allows server crash via malicious requests (bsc#1263956). *CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977). * CVE-2026-33006: `mod_auth_digest` timing attack allows bypass of Digest authentication (bsc#1263955). * CVE-2026-33007: NULL pointer dereference in `mod_authn_socache` allows unauthenticated remote user to crash a child processes (bsc#1263954). * CVE-2026-33523: HTTP response splitting forwarding malicious status line (bsc#1263953). * CVE-2026-33857: off-by-one OOB reads in AJP getter functions (bsc#1263952). * CVE-2026-34032: heap buffer overread in `mod_proxy_ajp` due to missing null- termination check (bsc#1263951). * CVE-2026-34059: heap buffer overread and memory disclosure via `ajp_parse_data()` (bsc#1263950). * CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978). * CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955). * CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956). * CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962). * CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963). * CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965). * CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969). * CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of service (bsc#1267970). * CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971). * CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free (bsc#1267972). * CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503). Non security issue: * Update to 2.4.66 (jsc#PED-16334). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2686=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2686=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2686=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2686=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2686=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2686=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2686=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2686=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2686=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 *apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-event-debuginfo-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-event-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * apache2-example-pages-2.4.66-150400.6.57.1 * openSUSE Leap 15.4 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 *apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 *apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * apache2-doc-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * apache2-debugsource-2.4.66-150400.6.57.1 * apache2-worker-debuginfo-2.4.66-150400.6.57.1 * apache2-2.4.66-150400.6.57.1 * apache2-prefork-2.4.66-150400.6.57.1 * apache2-prefork-debuginfo-2.4.66-150400.6.57.1 * apache2-devel-2.4.66-150400.6.57.1 * apache2-utils-2.4.66-150400.6.57.1 * apache2-utils-debuginfo-2.4.66-150400.6.57.1 * apache2-worker-2.4.66-150400.6.57.1 * apache2-debuginfo-2.4.66-150400.6.57.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * apache2-doc-2.4.66-150400.6.57.1 ## References: * https://www.suse.com/security/cve/CVE-2006-20001.html * https://www.suse.com/security/cve/CVE-2021-44224.html * https://www.suse.com/security/cve/CVE-2021-44790.html * https://www.suse.com/security/cve/CVE-2022-22719.html * https://www.suse.com/security/cve/CVE-2022-22720.html * https://www.suse.com/security/cve/CVE-2022-22721.html * https://www.suse.com/security/cve/CVE-2022-23943.html * https://www.suse.com/security/cve/CVE-2022-26377.html * https://www.suse.com/security/cve/CVE-2022-28614.html * https://www.suse.com/security/cve/CVE-2022-28615.html * https://www.suse.com/security/cve/CVE-2022-29404.html * https://www.suse.com/security/cve/CVE-2022-30522.html * https://www.suse.com/security/cve/CVE-2022-30556.html * https://www.suse.com/security/cve/CVE-2022-31813.html * https://www.suse.com/security/cve/CVE-2022-36760.html * https://www.suse.com/security/cve/CVE-2022-37436.html * https://www.suse.com/security/cve/CVE-2023-25690.html * https://www.suse.com/security/cve/CVE-2023-27522.html * https://www.suse.com/security/cve/CVE-2023-31122.html * https://www.suse.com/security/cve/CVE-2023-38709.html * https://www.suse.com/security/cve/CVE-2023-45802.html * https://www.suse.com/security/cve/CVE-2024-24795.html * https://www.suse.com/security/cve/CVE-2024-27316.html * https://www.suse.com/security/cve/CVE-2024-38473.html * https://www.suse.com/security/cve/CVE-2024-38474.html * https://www.suse.com/security/cve/CVE-2024-38475.html * https://www.suse.com/security/cve/CVE-2024-38476.html * https://www.suse.com/security/cve/CVE-2024-38477.html * https://www.suse.com/security/cve/CVE-2024-39573.html * https://www.suse.com/security/cve/CVE-2024-39884.html * https://www.suse.com/security/cve/CVE-2024-40725.html * https://www.suse.com/security/cve/CVE-2024-42516.html * https://www.suse.com/security/cve/CVE-2024-43204.html * https://www.suse.com/security/cve/CVE-2024-47252.html * https://www.suse.com/security/cve/CVE-2025-23048.html * https://www.suse.com/security/cve/CVE-2025-49630.html * https://www.suse.com/security/cve/CVE-2025-49812.html * https://www.suse.com/security/cve/CVE-2025-53020.html * https://www.suse.com/security/cve/CVE-2025-55753.html * https://www.suse.com/security/cve/CVE-2025-58098.html * https://www.suse.com/security/cve/CVE-2025-65082.html * https://www.suse.com/security/cve/CVE-2025-66200.html * https://www.suse.com/security/cve/CVE-2026-23918.html * https://www.suse.com/security/cve/CVE-2026-24072.html * https://www.suse.com/security/cve/CVE-2026-28780.html * https://www.suse.com/security/cve/CVE-2026-29167.html * https://www.suse.com/security/cve/CVE-2026-29168.html * https://www.suse.com/security/cve/CVE-2026-29169.html * https://www.suse.com/security/cve/CVE-2026-29170.html * https://www.suse.com/security/cve/CVE-2026-33006.html * https://www.suse.com/security/cve/CVE-2026-33007.html * https://www.suse.com/security/cve/CVE-2026-33523.html * https://www.suse.com/security/cve/CVE-2026-33857.html * https://www.suse.com/security/cve/CVE-2026-34032.html *https://www.suse.com/security/cve/CVE-2026-34059.html * https://www.suse.com/security/cve/CVE-2026-34355.html * https://www.suse.com/security/cve/CVE-2026-34356.html * https://www.suse.com/security/cve/CVE-2026-42535.html * https://www.suse.com/security/cve/CVE-2026-42536.html * https://www.suse.com/security/cve/CVE-2026-43951.html * https://www.suse.com/security/cve/CVE-2026-44119.html * https://www.suse.com/security/cve/CVE-2026-44185.html * https://www.suse.com/security/cve/CVE-2026-44186.html * https://www.suse.com/security/cve/CVE-2026-44631.html * https://www.suse.com/security/cve/CVE-2026-48913.html * https://www.suse.com/security/cve/CVE-2026-49975.html * https://bugzilla.suse.com/show_bug.cgi?id=1207327 * https://bugzilla.suse.com/show_bug.cgi?id=1208708 * https://bugzilla.suse.com/show_bug.cgi?id=1214357 * https://bugzilla.suse.com/show_bug.cgi?id=1263935 * https://bugzilla.suse.com/show_bug.cgi?id=1263950 * https://bugzilla.suse.com/show_bug.cgi?id=1263951 * https://bugzilla.suse.com/show_bug.cgi?id=1263952 * https://bugzilla.suse.com/show_bug.cgi?id=1263953 * https://bugzilla.suse.com/show_bug.cgi?id=1263954 * https://bugzilla.suse.com/show_bug.cgi?id=1263955 * https://bugzilla.suse.com/show_bug.cgi?id=1263956 * https://bugzilla.suse.com/show_bug.cgi?id=1263957 * https://bugzilla.suse.com/show_bug.cgi?id=1264150 * https://bugzilla.suse.com/show_bug.cgi?id=1264163 * https://bugzilla.suse.com/show_bug.cgi?id=1267503 * https://bugzilla.suse.com/show_bug.cgi?id=1267955 * https://bugzilla.suse.com/show_bug.cgi?id=1267956 * https://bugzilla.suse.com/show_bug.cgi?id=1267962 * https://bugzilla.suse.com/show_bug.cgi?id=1267963 * https://bugzilla.suse.com/show_bug.cgi?id=1267965 * https://bugzilla.suse.com/show_bug.cgi?id=1267969 * https://bugzilla.suse.com/show_bug.cgi?id=1267970 * https://bugzilla.suse.com/show_bug.cgi?id=1267971 * https://bugzilla.suse.com/show_bug.cgi?id=1267972 * https://bugzilla.suse.com/show_bug.cgi?id=1267976 *https://bugzilla.suse.com/show_bug.cgi?id=1267977 * https://bugzilla.suse.com/show_bug.cgi?id=1267978 * https://bugzilla.suse.com/show_bug.cgi?id=690734 * https://jira.suse.com/browse/PED-16334 . Security update for apache2 addresses 66 vulnerabilities. Prompt installation is recommended to enhance system security.. SUSE Apache Security Update Important Vulnerability Fix. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.