USN-6729-2

Source
https://ubuntu.com/security/notices/USN-6729-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6729-2.json
Related
Published
2024-04-17T15:26:47.740746Z
Modified
2024-04-17T15:26:47.740746Z
Summary
apache2 vulnerabilities
Details

USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709)

Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2024-24795)

Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. (CVE-2024-27316)

References

Affected packages

Ubuntu:Pro:18.04:LTS / apache2

Package

Name
apache2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.4.29-1ubuntu4.27+esm2

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "apache2-ssl-dev": "2.4.29-1ubuntu4.27+esm2",
            "apache2-dev": "2.4.29-1ubuntu4.27+esm2",
            "apache2-bin": "2.4.29-1ubuntu4.27+esm2",
            "apache2-data": "2.4.29-1ubuntu4.27+esm2",
            "apache2-suexec-pristine": "2.4.29-1ubuntu4.27+esm2",
            "apache2-doc": "2.4.29-1ubuntu4.27+esm2",
            "apache2": "2.4.29-1ubuntu4.27+esm2",
            "apache2-utils": "2.4.29-1ubuntu4.27+esm2",
            "apache2-suexec-custom": "2.4.29-1ubuntu4.27+esm2"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / apache2

Package

Name
apache2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.4.18-2ubuntu3.17+esm12

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "apache2-dev": "2.4.18-2ubuntu3.17+esm12",
            "apache2-bin": "2.4.18-2ubuntu3.17+esm12",
            "apache2-data": "2.4.18-2ubuntu3.17+esm12",
            "apache2-suexec-pristine": "2.4.18-2ubuntu3.17+esm12",
            "apache2-doc": "2.4.18-2ubuntu3.17+esm12",
            "apache2": "2.4.18-2ubuntu3.17+esm12",
            "apache2-utils": "2.4.18-2ubuntu3.17+esm12",
            "apache2-suexec-custom": "2.4.18-2ubuntu3.17+esm12"
        }
    ]
}