Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 24.10: USN-6885-4 critical: apache2 regression issue

ubuntu
Calendar Grey April 7, 2025
Dist Ubuntu Esm H88
USN-6885-4 resolves an issue in the Apache HTTP Server impacting various Ubuntu versions since March 2025.
USN-6885-1 introduced a regression in Apache HTTP Server.

Summary

USN-6885-1 introduced a regression in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

USN-6885-1 fixed a vulnerability in Apache. The patch

for CVE-2024-38474 was incomplete and caused regressions.

This update provides the fix for that issue.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server mod_rewrite module

incorrectly handled certain substitutions. A remote attacker could

possibly use this issue to execute scripts in directories not directly

reachable by any URL, or cause a denial of service. Some environments

may require using the new UnsafeAllow3F flag to handle unsafe

substitutions. (CVE-2024-38474)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  apache2                         2.4.62-1ubuntu1.1

Ubuntu 24.04 LTS
  apache2                         2.4.58-1ubuntu8.6

Ubuntu 22.04 LTS
  apache2                         2.4.52-1ubuntu4.14

Ubuntu 20.04 LTS
  apache2                         2.4.41-4ubuntu3.23

Ubuntu 18.04 LTS
  apache2                         2.4.29-1ubuntu4.27+esm4
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  apache2                         2.4.18-2ubuntu3.17+esm14
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6885-4

https://ubuntu.com/security/notices/USN-6885-3

https://ubuntu.com/security/notices/USN-6885-2

https://ubuntu.com/security/notices/USN-6885-1

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2103723

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6885-4

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here