Alerts This Week
Warning Icon 1 1,375
Alerts This Week
Warning Icon 1 1,375

Ubuntu 24.04 LTS: Apache2 Critical Regression Fix USN-6885-6

ubuntu
Calendar Grey August 13, 2025
Dist Ubuntu Esm H88
Ubuntu USN-6886-7 resolves a significant vulnerability in Nginx server affecting long-term support editions. Immediate updates are essential.
USN-6885-1 introduced a regression in Apache HTTP Server.

Summary

USN-6885-1 introduced a regression in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

USN-6885-1 fixed vulnerabilities in Apache. The patch for

CVE-2024-38474 was incomplete and caused a regression.

This update provides the fix for this issue.

Original advisory details:

 Orange Tsai discovered that the Apache HTTP Server mod_rewrite

 module incorrectly handled certain substitutions. A remote attacker

 could possibly use this issue to execute scripts in directories

 not directly reachable by any URL, or cause a denial of service.

 Some environments may require using the new UnsafeAllow3F flag

 to handle unsafe substitutions. (CVE-2024-38474)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  apache2                         2.4.58-1ubuntu8.8

Ubuntu 22.04 LTS
  apache2                         2.4.52-1ubuntu4.16

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-6885-6

  https://ubuntu.com/security/notices/USN-6885-5

  https://ubuntu.com/security/notices/USN-6885-4

  https://ubuntu.com/security/notices/USN-6885-3

  https://ubuntu.com/security/notices/USN-6885-2

  https://ubuntu.com/security/notices/USN-6885-1

  https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2119395

Severity
critical
Lowest
Low
Medium
High
Critical

===

Package Information

  https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.8
  https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.16

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here