Ubuntu 26.04 Apache2 Important Memory Crash Threat USN-8239-1

Several security issues were fixed in Apache HTTP Server.
==========================================================================
Ubuntu Security Notice USN-8239-1
May 06, 2026

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

Bartlomiej Dmitruk and Stanislaw Strzalkowski discovered that Apache
HTTP Server incorrectly handled certain memory operations when using the
HTTP/2 protocol. A remote attacker could use this issue to cause Apache
HTTP Server to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 26.04 LTS.
(CVE-2026-23918)

It was discovered that the Apache HTTP Server mod_rewrite module
incorrectly handled certain privileges. A local attacker could possibly use
this issue to obtain sensitive information. (CVE-2026-24072)

Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani
discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly
handled certain AJP server messages. An attacker in control of a backend
AJP server could use this issue to cause Apache HTTP Server to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-28780)

Pavel Kohout discovered that Apache HTTP Server did not properly limit
resource allocation in mod_md when processing OCSP response data. A
remote attacker could possibly use this issue to cause a denial of
service. (CVE-2026-29168)

Pavel Kohout discovered that the Apache HTTP Server incorrectly handled
certain memory operations in mod_dav_lock. A remote attacker could possibly
use this issue to cause Apache HTTP Server to crash, resulting in a denial
of service. (CVE-2026-29169)

Nitescu Lucian discovered that Apache HTTP Server had a timing attack
vulnerability in mod_auth_digest. A remote attacker could possibly
use this issue to bypass Digest authentication. (CVE-2026-33006)

Pavel Kohout and Arkadi Vainbrand discovered that Apache HTTP Server
incorrectly handled certain memory operations in mod_authn_socache. A
remote attacker could possibly use this issue to cause Apache HTTP Server
to crash, resulting in a denial of service. (CVE-2026-33007)

Haruki Oyama, Merih Mengisteab, and Dawit Jeong discovered that
Apache HTTP Server had an HTTP response splitting vulnerability in
multiple modules when used with untrusted or compromised backend
servers. An attacker could possibly use this issue to inject arbitrary
HTTP headers. (CVE-2026-33523)

Elhanan Haenel discovered that Apache HTTP Server incorrectly handled
certain memory operations in mod_proxy_ajp. A remote attacker could
possibly use this issue to cause Apache HTTP Server to crash, resulting in
a denial of service. (CVE-2026-33857)

Tianshuo Han and Jérôme Djouder discovered that Apache HTTP Server
incorrectly handled certain string operations in mod_proxy_ajp. A remote
attacker could possibly use this issue to obtain sensitive information.
(CVE-2026-34032)

Elhanan Haenel discovered that Apache HTTP Server incorrectly handled
certain memory operations in mod_proxy_ajp. A remote attacker could use
this issue to cause Apache HTTP Server to crash, resulting in a denial of
service, or possibly obtain sensitive information. (CVE-2026-34059)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  apache2                         2.4.66-2ubuntu2.1

Ubuntu 25.10
  apache2                         2.4.64-1ubuntu3.4

Ubuntu 24.04 LTS
  apache2                         2.4.58-1ubuntu8.12

Ubuntu 22.04 LTS
  apache2                         2.4.52-1ubuntu4.20

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8239-1
  CVE-2026-23918, CVE-2026-24072, CVE-2026-28780, CVE-2026-29168,
  CVE-2026-29169, CVE-2026-33006, CVE-2026-33007, CVE-2026-33523,
  CVE-2026-33857, CVE-2026-34032, CVE-2026-34059

Package Information:
  https://launchpad.net/ubuntu/+source/apache2/2.4.66-2ubuntu2.1
  https://launchpad.net/ubuntu/+source/apache2/2.4.64-1ubuntu3.4
  https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.12
  https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.20

Several issues fixed in Apache HTTP Server on Ubuntu, impacting security and performance. Immediate updates recommended.
Severity: important
