
Ubuntu 18.04 & 16.04: USN-6885-3 Critical Apache Security Updates

September 18, 2024
Multiple vulnerabilities have been identified in the Apache HTTP Server affecting both Ubuntu 16.04 and 18.04 LTS. Patches are now released.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

USN-6885-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions. (CVE-2024-38474, CVE-2024-38475)

Orange Tsai discovered that the Apache HTTP Server incorrectly handled certain response headers. A remote attacker could possibly use this issue to obtain sensitive information, execute local scripts, or perform SSRF attacks. (CVE-2024-38476)

Orange Tsai discovered that the Apache HTTP Server mod_proxy...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  apache2                         2.4.29-1ubuntu4.27+esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  apache2                         2.4.18-2ubuntu3.17+esm13
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
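
An added example (not part of the Ubuntu notice) for checking a host inventory against the fixed versions listed above. It orders versions by Debian's rules, the ordering `dpkg --compare-versions` applies, because a plain string comparison would rank `+esm9` above `+esm13`; the host names, the inventory format and the sample installed versions are constructed.

```python
import re

# Fixed apache2 package versions, copied from the Update Instructions above.
FIXED = {
    "18.04": "2.4.29-1ubuntu4.27+esm3",
    "16.04": "2.4.18-2ubuntu3.17+esm13",
}

def _rank(ch):
    # Order inside non-digit runs: '~' < end of string (0) < letters < other characters.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _part_key(part):
    # Alternate non-digit runs (ranked per character, 0 marks the end) and numeric runs.
    return tuple(
        (tuple(map(_rank, text)) + (0,), int(digits or 0))
        for text, digits in re.findall(r"(\D*)(\d*)", part))

def deb_key(version):
    """Sort key following Debian version ordering: epoch, upstream, revision."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"   # a missing revision compares equal to "0"
    return int(epoch), _part_key(upstream), _part_key(revision)

def unpatched(inventory):
    """Return (host, release, version) rows whose apache2 is older than the fixed build."""
    rows = []
    for line in inventory.strip().splitlines():
        host, release, version = line.split()
        fixed = FIXED.get(release)
        if fixed and deb_key(version) < deb_key(fixed):
            rows.append((host, release, version))
    return rows

# Constructed sample inventory: hostname, Ubuntu release, installed apache2 version.
SAMPLE = """
web-01 18.04 2.4.29-1ubuntu4.27
web-02 18.04 2.4.29-1ubuntu4.27+esm3
web-03 16.04 2.4.18-2ubuntu3.17+esm9
web-04 16.04 2.4.18-2ubuntu3.17+esm13
"""

if __name__ == "__main__":
    for row in unpatched(SAMPLE):
        print("needs update:", *row)
```
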

References

https://ubuntu.com/security/notices/USN-6885-3

https://ubuntu.com/security/notices/USN-6885-2

https://ubuntu.com/security/notices/USN-6885-1

CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477

Severity
critical

Ubuntu Security Notice USN-6885-3
