CLSA-2024-1728479129

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2024-1728479129

Upstream

CVE-2023-38709

CVE-2024-24795

CVE-2024-27316

Published

2024-10-09T13:05:34Z

Modified

2026-06-04T09:46:09.238044668Z

Summary

Fix CVE(s): CVE-2023-38709, CVE-2024-24795, CVE-2024-27316

Details

SECURITY UPDATE: Memory exhaustion due to excessive HTTP/2 incoming headers buffering
- debian/patches/CVE-2024-27316.patch: Fix to bail after too many failed reads, increment count on request headers failed to add
- CVE-2024-27316
SECURITY UPDATE: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses
- debian/patches/CVE-2023-38709.patch: header validation after content-* are eval'ed
- CVE-2023-38709
SECURITY UPDATE: HTTP response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack
- debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http handlers
- CVE-2024-24795

References

https://errata.cloudlinux.com/ubuntu18-els/CLSA-2024-1728479129.html

Affected packages

TuxCare:Ubuntu:18.04

apache2

Package

Name: apache2
Purl: pkg:deb/tuxcare/apache2?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"

apache2-bin

Package

Name: apache2-bin
Purl: pkg:deb/tuxcare/apache2-bin?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"

apache2-data

Package

Name: apache2-data
Purl: pkg:deb/tuxcare/apache2-data?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"

apache2-dev

Package

Name: apache2-dev
Purl: pkg:deb/tuxcare/apache2-dev?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"

apache2-doc

Package

Name: apache2-doc
Purl: pkg:deb/tuxcare/apache2-doc?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"

apache2-ssl-dev

Package

Name: apache2-ssl-dev
Purl: pkg:deb/tuxcare/apache2-ssl-dev?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"

apache2-suexec-custom

Package

Name: apache2-suexec-custom
Purl: pkg:deb/tuxcare/apache2-suexec-custom?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"

apache2-suexec-pristine

Package

Name: apache2-suexec-pristine
Purl: pkg:deb/tuxcare/apache2-suexec-pristine?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"

apache2-utils

Package

Name: apache2-utils
Purl: pkg:deb/tuxcare/apache2-utils?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.27+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"