rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: RHEL-175055 - httpd: heap-based buffer over-read and memory

Browse Source 
disclosure in ajp_parse_data() (CVE-2026-34059)
This commit is contained in:
Luboš Uhliarik 2026-05-13 16:06:01 +02:00
parent e46ed8b79e
commit c33900c646
2 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
httpd-2.4.37-CVE-2026-34059.patch Normal file
View File

@ -0,0 +1,16 @@
diff --git a/modules/proxy/ajp_header.c b/modules/proxy/ajp_header.c
index 680a8f3..768ffbb 100644
--- a/modules/proxy/ajp_header.c
+++ b/modules/proxy/ajp_header.c
@@ -817,6 +817,11 @@ apr_status_t ajp_parse_data(request_rec *r, ajp_msg_t *msg,
* 1 : The last byte of this message always seems to be
* 0x00 and is not part of the chunk.
*/
+ if (msg->len < AJP_HEADER_LEN + AJP_HEADER_SZ_LEN + 1 + 1) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10546)
+ "ajp_parse_data: Message too small");
+ return AJP_EBAD_HEADER;
+ }
expected_len = msg->len - (AJP_HEADER_LEN + AJP_HEADER_SZ_LEN + 1 + 1);
if (*len != expected_len) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00998)

5
httpd.spec
View File

@ -307,6 +307,8 @@ Patch256: httpd-2.4.37-CVE-2026-33007.patch
Patch257: httpd-2.4.37-CVE-2026-33857.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2464952
Patch258: httpd-2.4.37-CVE-2026-34032.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2464940
Patch259: httpd-2.4.37-CVE-2026-34059.patch
License: ASL 2.0
Group: System Environment/Daemons
@ -555,6 +557,7 @@ interface for storing and accessing per-user session data.
%patch256 -p1 -b .CVE-2026-33007
%patch257 -p1 -b .CVE-2026-33857
%patch258 -p1 -b .CVE-2026-34032
%patch259 -p1 -b .CVE-2026-34059
%patch96 -p1 -b .r1922080
@ -1075,6 +1078,8 @@ rm -rf $RPM_BUILD_ROOT
in AJP getter functions (CVE-2026-33857)
- Resolves: RHEL-175620 - httpd:2.4/httpd: NULL pointer dereference via
specially crafted request (CVE-2026-29169)
- Resolves: RHEL-175055 - httpd: heap-based buffer over-read and memory
disclosure in ajp_parse_data() (CVE-2026-34059)
* Fri Dec 12 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65.7
- Resolves: RHEL-135054 - httpd: Apache HTTP Server: mod_userdir+suexec bypass