SUSE-CU-2026:6779-1: Security update of bci/php-apache
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Mon Jul 6 07:29:35 UTC 2026
SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:6779-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-sles15 , bci/php-apache:8.3.31 , bci/php-apache:8.3.31-24.7 , bci/php-apache:latest
Container Release : 24.7
Severity : important
Type : security
References : 1267503 1267955 1267956 1267962 1267963 1267965 1267969 1267970
1267971 1267972 1267976 1267977 1267978 CVE-2026-29167 CVE-2026-29170
CVE-2026-34355 CVE-2026-34356 CVE-2026-42535 CVE-2026-42536 CVE-2026-43951
CVE-2026-44119 CVE-2026-44185 CVE-2026-44186 CVE-2026-44631 CVE-2026-48913
CVE-2026-49975
-----------------------------------------------------------------
The container bci/php-apache was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2759-1
Released: Mon Jul 6 04:04:11 2026
Summary: Security update for apache2
Type: security
Severity: important
References: 1267503,1267955,1267956,1267962,1267963,1267965,1267969,1267970,1267971,1267972,1267976,1267977,1267978,CVE-2026-29167,CVE-2026-29170,CVE-2026-34355,CVE-2026-34356,CVE-2026-42535,CVE-2026-42536,CVE-2026-43951,CVE-2026-44119,CVE-2026-44185,CVE-2026-44186,CVE-2026-44631,CVE-2026-48913,CVE-2026-49975
This update for apache2 fixes the following issues
- CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976).
- CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977).
- CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978).
- CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955).
- CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956).
- CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962).
- CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963).
- CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965).
- CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969).
- CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of
service (bsc#1267970).
- CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971).
- CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free
(bsc#1267972).
- CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503).
The following package changes have been done:
- apache2-prefork-2.4.66-150700.4.23.1 updated
- apache2-2.4.66-150700.4.23.1 updated
More information about the sle-container-updates
mailing list