CLSA-2024-1724788546

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1724788546.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2024-1724788546

Upstream

CVE-2024-38474

CVE-2024-38475

CVE-2024-38476

CVE-2024-39884

CVE-2024-40725

Published

2024-08-27T19:55:49Z

Modified

2026-06-04T10:03:14.034445387Z

Summary

Fix of 5 CVEs

Details

SECURITY UPDATE: http server use exploitable/malicious backend application
- debian/patches/CVE-2024-38476.patch: prevent server usage of exploitable/malicious backend application output to run local handlers via internal redirect
- CVE-2024-38476
SECURITY UPDATE: modules regression introduced by CVE-2024-38476 fix
- debian/patches/CVE-2024-39884.patch: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-38476 fix
- CVE-2024-39884
SECURITY UPDATE: modules regression introduced by CVE-2024-39884 fix
- debian/patches/CVE-2024-40725.patch: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-39884 fix
- CVE-2024-40725
SECURITY UPDATE: attacker allowed to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI
- debian/patches/CVE-2024-38474-38475.patch: server weakness with encoded question marks in backreferences
- CVE-2024-38474
- debian/patches/CVE-2024-38474-38475.patch: server weakness in mod_rewrite when first segment of substitution matches filesystem path
- CVE-2024-38475

References

https://errata.cloudlinux.com/ubuntu18-els/CLSA-2024-1724788546.html

Affected packages

TuxCare:Ubuntu:18.04

apache2

Package

Name: apache2
Purl: pkg:deb/tuxcare/apache2?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1724788546.json"

apache2-bin

Package

Name: apache2-bin
Purl: pkg:deb/tuxcare/apache2-bin?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1724788546.json"

apache2-data

Package

Name: apache2-data
Purl: pkg:deb/tuxcare/apache2-data?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1724788546.json"

apache2-dev

Package

Name: apache2-dev
Purl: pkg:deb/tuxcare/apache2-dev?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1724788546.json"

apache2-doc

Package

Name: apache2-doc
Purl: pkg:deb/tuxcare/apache2-doc?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1724788546.json"

apache2-ssl-dev

Package

Name: apache2-ssl-dev
Purl: pkg:deb/tuxcare/apache2-ssl-dev?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1724788546.json"

apache2-suexec-custom

Package

Name: apache2-suexec-custom
Purl: pkg:deb/tuxcare/apache2-suexec-custom?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1724788546.json"

apache2-suexec-pristine

Package

Name: apache2-suexec-pristine
Purl: pkg:deb/tuxcare/apache2-suexec-pristine?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1724788546.json"

apache2-utils

Package

Name: apache2-utils
Purl: pkg:deb/tuxcare/apache2-utils?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1724788546.json"