Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 24.04 LTS USN-6729-3 Moderate: Apache2 HTTP Server DoS Threats

ubuntu
Calendar Grey April 29, 2024
Dist Ubuntu Esm H88
Applied multiple security patches for Nginx on Ubuntu 24.04 LTS to resolve significant vulnerabilities impacting overall security.
Several security issues were fixed in Apache HTTP Server.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update

provides the corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server incorrectly handled

validating certain input. A remote attacker could possibly use this

issue to perform HTTP request splitting attacks. (CVE-2023-38709)

Keran Mu and Jianjun Chen discovered that the Apache HTTP Server

incorrectly handled validating certain input. A remote attacker could

possibly use this issue to perform HTTP request splitting attacks.

(CVE-2024-24795)

Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module

incorrectly handled endless continuation frames. A remote attacker could

possibly use this issue to cause the server to consume resources, leading

to a denial of service. (CVE-20...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   apache2                         2.4.58-1ubuntu8.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6729-3

https://ubuntu.com/security/notices/USN-6729-1

CVE-2023-38709, CVE-2024-24795, CVE-2024-27316

Ubuntu Security Notice USN-6729-3

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here