EasyApache4 Security HotFix Release v25.57
WebPros has released an update for EasyApache 4! Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.
ea-apache24 - Updated from 2.4.66 to 2.4.67
- (CVE-2026-23918) Apache HTTP Server: http2 double free and possible RCE on early reset (important)
- (CVE-2026-24072) Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr (moderate)
- (CVE-2026-33006) Apache HTTP Server: mod_auth_digest timing attack (moderate)
- (CVE-2026-28780) Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() (low)
- (CVE-2026-29168) Apache HTTP Server: mod_md unrestricted OCSP response (low)
- (CVE-2026-29169) Apache HTTP Server: mod_dav_lock indirect lock crash (low)
- (CVE-2026-33007) Apache HTTP Server: mod_authn_socache crash (low)
- (CVE-2026-33523) Apache HTTP Server: multiple modules HTTP response splitting (low)
- (CVE-2026-33857) Apache HTTP Server: off-by-one OOB reads in AJP getter functions (low)
- (CVE-2026-34032) Apache HTTP Server: mod_proxy_ajp heap buffer over-read in ajp_msg_get_string (low)
- (CVE-2026-34059) Apache HTTP Server: mod_proxy_ajp heap over-read in ajp_parse_data() (low)
ea-libcurl - CVE security backports to 8.17.0 (CentOS 7 only)
- (CVE-2026-5545) HTTP Negotiate connection reuse auth check (medium)
- (CVE-2026-7168) proxy Digest auth state leak on proxy switch (medium)
- (CVE-2026-6253) proxy credentials not cleared on port/scheme change (medium)
- (CVE-2026-6429) netrc credential leak via redirect (medium)
- (CVE-2026-4873) non-TLS STARTTLS connection reuse bypass (low)
- (CVE-2026-6276) stale cookiehost on handle reuse (low)
We recommend updating at your earliest convenience. We apologize for the lack of advance notice, but we wanted to get the update out ASAP.
Full changelog: https://docs.cpanel.net/changelogs/easyapache-4-change-log-25/