Pulojekiti ya Apache HTTP Server yatulutsa chikalata chokonzera zinthu. httpd 2.4.67, momwe chiwopsezocho chachotsedwa CVE-2026-23918 mu kukhazikitsa HTTP/2. Vutoli laonedwa kuti ndi lofunika kwambiri ofunika ndipo ikugwirizana ndi cholakwika cha kalasi ufulu wapawiri Pokonza njira yoyambitsira kubwezeretsanso kulumikizana mu HTTP/2. Pakakhala zovuta, cholakwikacho sichingoyambitsa ngozi ya ntchito, komanso kuthekera kogwiritsa ntchito ma code akutali.
Malinga ndi kufotokozera kwa Apache, kufooka kumakhudza Apache HTTP Server 2.4.66Ogwiritsa ntchito mtundu uwu akulangizidwa kuti asinthe kukhala 2.4.67, komwe vutoli lakonzedwa. Bartlomiej Dmitruk wochokera ku striga.ai ndi Stanislaw Strzalkowski wochokera ku isec.pl ndi omwe adatchulidwa kuti ndi anthu omwe adapeza kufooka kumeneku.
Chosintha cha bukuli chikuwonetsanso kusinthaku. mod_http2 mpaka version 2.0.37, zomwe zinaletsa kuchotsedwa kwa mtsinje mobwerezabwereza komwe kunapangitsa kuti pakhale double free, kenako pa 2.0.38 ndi 2.0.39. Kuwonjezera pa CVE-2026-23918, kutulutsidwa kumeneku kukufotokoza mavuto ena ambiri achitetezo mu mod_proxy_ajp, mod_auth_digest, mod_authn_socache, mod_md, mod_rewrite, ndi zigawo zina.
Kumasula Apache httpd 2.4.67 Lofalitsidwa pa Meyi 4, 2026, kutulutsidwa kumeneku ndi mtundu womwe ukulangizidwa pano wa nthambi yokhazikika ya 2.4.x. Oyang'anira omwe akugwiritsa ntchito Apache yokhala ndi HTTP/2 ayenera kuganizira kukweza kumeneku kukhala kofunika kwambiri, makamaka ngati 2.4.66 ikugwiritsidwa ntchito kale.
Source: linux.org.ru
