USN-6729-1

Source

https://ubuntu.com/security/notices/USN-6729-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6729-1.json

Related

Published

2024-04-11T16:19:44.905666Z

Modified

2024-04-11T16:19:44.905666Z

Summary

apache2 vulnerabilities

Details

Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709)

Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2024-24795)

Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. (CVE-2024-27316)

References

Affected packages

Ubuntu:20.04:LTS / apache2

Package

Name: apache2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.4.41-4ubuntu3.17

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "apache2-ssl-dev": "2.4.41-4ubuntu3.17",
            "apache2-dev": "2.4.41-4ubuntu3.17",
            "apache2-bin": "2.4.41-4ubuntu3.17",
            "apache2-data": "2.4.41-4ubuntu3.17",
            "apache2-suexec-pristine": "2.4.41-4ubuntu3.17",
            "libapache2-mod-proxy-uwsgi": "2.4.41-4ubuntu3.17",
            "apache2-doc": "2.4.41-4ubuntu3.17",
            "libapache2-mod-md": "2.4.41-4ubuntu3.17",
            "apache2": "2.4.41-4ubuntu3.17",
            "apache2-utils": "2.4.41-4ubuntu3.17",
            "apache2-suexec-custom": "2.4.41-4ubuntu3.17"
        }
    ]
}

Ubuntu:22.04:LTS / apache2

Package

Name: apache2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.4.52-1ubuntu4.9

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "apache2-ssl-dev": "2.4.52-1ubuntu4.9",
            "apache2-dev": "2.4.52-1ubuntu4.9",
            "apache2-bin": "2.4.52-1ubuntu4.9",
            "apache2-data": "2.4.52-1ubuntu4.9",
            "apache2-suexec-pristine": "2.4.52-1ubuntu4.9",
            "libapache2-mod-proxy-uwsgi": "2.4.52-1ubuntu4.9",
            "apache2-doc": "2.4.52-1ubuntu4.9",
            "libapache2-mod-md": "2.4.52-1ubuntu4.9",
            "apache2": "2.4.52-1ubuntu4.9",
            "apache2-utils": "2.4.52-1ubuntu4.9",
            "apache2-suexec-custom": "2.4.52-1ubuntu4.9"
        }
    ]
}

Ubuntu:23.10 / apache2

Package

Name: apache2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.4.57-2ubuntu2.4

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "apache2-ssl-dev": "2.4.57-2ubuntu2.4",
            "apache2-dev": "2.4.57-2ubuntu2.4",
            "apache2-bin": "2.4.57-2ubuntu2.4",
            "apache2-data": "2.4.57-2ubuntu2.4",
            "apache2-suexec-pristine": "2.4.57-2ubuntu2.4",
            "libapache2-mod-proxy-uwsgi": "2.4.57-2ubuntu2.4",
            "apache2-doc": "2.4.57-2ubuntu2.4",
            "libapache2-mod-md": "2.4.57-2ubuntu2.4",
            "apache2": "2.4.57-2ubuntu2.4",
            "apache2-utils": "2.4.57-2ubuntu2.4",
            "apache2-suexec-custom": "2.4.57-2ubuntu2.4"
        }
    ]
}