Situation
An escalation-of-privilege bug in various modules in Apache HTTP Server 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.
Users are recommended to upgrade to version 2.4.67, which fixes this issue.
Impact
Users are recommended to upgrade to version 2.4.67, which fixes this issue.
We have pushed out a patch for the following additional CVE's:
- CVE-2026-24072
- CVE-2026-33006
- CVE-2026-28780
- CVE-2026-29168
- CVE-2026-29169
- CVE-2026-33007
- CVE-2026-33523
- CVE-2026-33857
- CVE-2026-34032
- CVE-2026-34059
You can find more information on all of the above in our Change Logs: Easy Apache 4 Change logs
Call to Action
Please run the following command to update EasyApache 4:
# dnf clean all
# dnf makecache
# dnf -y update ea-apache*
Please run the following command to update EasyApache 4:
# yum update ea-apache24 --enablerepo=cl-ea4-testing
Please run the following command to update EasyApache 4:
# yum update ea-apache24 --enablerepo=imunify360-ea-php-hardened-beta
Please run the following command to update EasyApache 4:
# apt update
# apt install --only-upgrade "ea-apache24*"
Comments
0 comments
Please sign in to leave a comment.