
Ubuntu 18.04 & 16.04: USN-6729-2 critical: Apache HTTP request splitting

April 17, 2024
Ubuntu Security Notice USN-6729-3 tackles severe weaknesses in Apache HTTP Server affecting LTS editions.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709)

Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2024-24795)

Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue was addressed ...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  apache2                         2.4.29-1ubuntu4.27+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  apache2                         2.4.18-2ubuntu3.17+esm12

In general, a standard system update will make all the necessary changes.
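To confirm that a host actually carries the fixed build, the installed `apache2` version can be compared against the versions listed above. The script below is an added example, not part of the Ubuntu notice; the function names are hypothetical, and it assumes `dpkg` is available and that `/etc/os-release` reports the release as `VERSION_ID`.

```shell
#!/bin/sh
# Added example: compare an apache2 package version with the fixed
# versions listed in the Update Instructions of USN-6729-2.

# Print the fixed apache2 version for a release; fail if not covered here.
fixed_version() {                 # $1 = Ubuntu release, e.g. 18.04
    case "$1" in
        18.04) echo "2.4.29-1ubuntu4.27+esm2" ;;
        16.04) echo "2.4.18-2ubuntu3.17+esm12" ;;
        *)     return 1 ;;
    esac
}

# Print "patched", "needs-update ..." or "not-covered".
usn_6729_2_status() {             # $1 = release, $2 = apache2 version
    fixed=$(fixed_version "$1") || { echo "not-covered"; return 0; }
    # Use dpkg's own ordering rather than a string compare:
    # "+esm9" sorts before "+esm12", which a plain text sort gets wrong.
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo "patched"
    else
        echo "needs-update (want >= $fixed)"
    fi
}

# Check the machine this runs on.
check_local_host() {
    release=$(. /etc/os-release && echo "$VERSION_ID")
    installed=$(dpkg-query -W -f='${Version}' apache2 2>/dev/null) || {
        echo "apache2 not installed"
        return 0
    }
    usn_6729_2_status "$release" "$installed"
}
```

Source the file and run `check_local_host` on the server, or call `usn_6729_2_status 16.04 <version>` with versions collected from an inventory.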

References

https://ubuntu.com/security/notices/USN-6729-2

https://ubuntu.com/security/notices/USN-6729-1

CVE-2023-38709, CVE-2024-24795, CVE-2024-27316

Severity
critical

Ubuntu Security Notice USN-6729-2
