USN-6729-3: Apache HTTP Server vulnerabilities

Releases

• Ubuntu 24.04 LTS

Packages

• apache2 - Apache HTTP server

Details

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update
provides the corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server incorrectly handled
validating certain input. A remote attacker could possibly use this
issue to perform HTTP request splitting attacks. (CVE-2023-38709)

Keran Mu and Jianjun Chen discovered that the Apache HTTP Server
incorrectly handled validating certain input. A remote attacker could
possibly use this issue to perform HTTP request splitting attacks.
(CVE-2024-24795)

Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module
incorrectly handled endless continuation frames. A remote attacker could
possibly use this issue to cause the server to consume resources, leading
to a denial of service. (CVE-2024-27316)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04

• apache2 - 2.4.58-1ubuntu8.1

In general, a standard system update will make all the necessary changes.

References

• CVE-2024-27316
• CVE-2023-38709
• CVE-2024-24795

Related notices

• USN-6729-1: apache2-data, apache2-suexec-pristine, apache2-bin, apache2-suexec-custom, apache2-ssl-dev, libapache2-mod-proxy-uwsgi, apache2-utils, apache2-dev, libapache2-mod-md, apache2-doc, apache2
• USN-6729-2: apache2-data, apache2-suexec-pristine, apache2-bin, apache2-suexec-custom, apache2-ssl-dev, apache2-utils, apache2-dev, apache2-doc, apache2