Situation
Apache HTTP Server: http2: Double Free and possible RCE on early reset (CVE-2026-23918). This is a double free and possible remote code execution (RCE) vulnerability in Apache HTTP Server with the HTTP/2 protocol.
This issue affects Apache HTTP Server: 2.4.66.
Impact
Users are recommended to upgrade to version 2.4.67, which fixes the issue.
We have also pushed out a patch for the following additional CVEs:
- CVE-2026-24072
- CVE-2026-33006
- CVE-2026-28780
- CVE-2026-29168
- CVE-2026-29169
- CVE-2026-33007
- CVE-2026-33523
- CVE-2026-33857
- CVE-2026-34032
- CVE-2026-34059
You can find more information on all of the above in our Easy Apache 4 change logs.
Call to Action
Please run the following commands to update Easy Apache 4 on systems that use dnf:
# dnf clean all
# dnf makecache
# dnf -y update ea-apache*
Please run the following command to update Easy Apache 4 from the cl-ea4-testing repository:
# yum update ea-apache24 --enablerepo=cl-ea4-testing
Please run the following command to update Easy Apache 4 from the imunify360-ea-php-hardened-beta repository:
# yum update ea-apache24 --enablerepo=imunify360-ea-php-hardened-beta
Please run the following commands to update Easy Apache 4 on systems that use apt:
# apt update
# apt install --only-upgrade "ea-apache24*"
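To confirm the result after updating, the following added example (not part of the original advisory or of Easy Apache 4) classifies a host from the output of `httpd -v` and `httpd -M`, using the affected (2.4.66) and fixed (2.4.67) versions stated above and reporting whether mod_http2 is loaded. The binary name `httpd`, the function names and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a host against this advisory from `httpd -v` and
# `httpd -M` output. Real use (binary name `httpd` is an assumption):
#   classify "$(httpd -v)" "$(httpd -M 2>/dev/null)"

# Extract X.Y.Z from the "Server version: Apache/X.Y.Z (...)" line.
apache_version() {
    printf '%s\n' "$1" | sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Succeed if the loaded-module list contains mod_http2.
http2_loaded() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*http2_module[[:space:]]'
}

# Succeed if dotted version $1 >= $2, comparing each field numerically.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print: affected | affected-http2-off | fixed | not-listed | unknown
classify() {
    _ver=$(apache_version "$1")
    [ -n "$_ver" ] || { echo unknown; return 0; }
    if [ "$_ver" = "2.4.66" ]; then          # the only release the advisory lists
        if http2_loaded "$2"; then echo affected; else echo affected-http2-off; fi
    elif version_ge "$_ver" "2.4.67"; then   # fixed release or later
        echo fixed
    else
        echo not-listed                      # older release, not named by the advisory
    fi
}

# Constructed sample output (not captured from a real server).
SAMPLE_V='Server version: Apache/2.4.66 (cPanel)
Server built:   Jan  1 2026 00:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 http2_module (shared)'

classify "$SAMPLE_V" "$SAMPLE_M"   # prints: affected
```

A result of `affected-http2-off` still means the installed version is the one this advisory lists, so the update applies.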