SUSE-CU-2026:6779-1: Security update of bci/php-apache

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Mon Jul 6 07:29:35 UTC 2026


SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:6779-1
Container Tags        : bci/php-apache:8 , bci/php-apache:8-sles15 , bci/php-apache:8.3.31 , bci/php-apache:8.3.31-24.7 , bci/php-apache:latest
Container Release     : 24.7
Severity              : important
Type                  : security
References            : 1267503 1267955 1267956 1267962 1267963 1267965 1267969 1267970
                        1267971 1267972 1267976 1267977 1267978 CVE-2026-29167 CVE-2026-29170
                        CVE-2026-34355 CVE-2026-34356 CVE-2026-42535 CVE-2026-42536 CVE-2026-43951
                        CVE-2026-44119 CVE-2026-44185 CVE-2026-44186 CVE-2026-44631 CVE-2026-48913
                        CVE-2026-49975 
-----------------------------------------------------------------

The container bci/php-apache was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:2759-1
Released:    Mon Jul  6 04:04:11 2026
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1267503,1267955,1267956,1267962,1267963,1267965,1267969,1267970,1267971,1267972,1267976,1267977,1267978,CVE-2026-29167,CVE-2026-29170,CVE-2026-34355,CVE-2026-34356,CVE-2026-42535,CVE-2026-42536,CVE-2026-43951,CVE-2026-44119,CVE-2026-44185,CVE-2026-44186,CVE-2026-44631,CVE-2026-48913,CVE-2026-49975
This update for apache2 fixes the following issues

- CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976).
- CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977).
- CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978).
- CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955).
- CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956).
- CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962).
- CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963).
- CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965).
- CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969).
- CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of
  service (bsc#1267970).
- CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971).
- CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free
  (bsc#1267972).
- CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503).


The following package changes have been done:

- apache2-prefork-2.4.66-150700.4.23.1 updated
- apache2-2.4.66-150700.4.23.1 updated


More information about the sle-container-updates mailing list