Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu 20.04 LTS: USN-7639-2 Fix for Apache HTTP Server DoS Vulnerability

ubuntu
Calendar Grey August 20, 2025
Dist Ubuntu Esm H88
Essential security updates resolve various vulnerabilities in the Apache HTTP Server for Ubuntu distributions, boosting server protection.
Several security issues were fixed in Apache HTTP Server.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

USN-7639-1 fixed several vulnerabilities in Apache. This update

provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu

18.04 LTS, Ubuntu 20.04 LTS, and addressed a regression

fix (LP: #2119395). CVE-2025-49630 and CVE-2025-53020 only

affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

 It was discovered that the Apache HTTP Server incorrectly handled

 certain Content-Type response headers. A remote attacker could

 possibly use this issue to perform HTTP response splitting attacks.

 (CVE-2024-42516)

 xiaojunjie discovered that the Apache HTTP Server mod_proxy module

 incorrectly handled certain requests. A remote attacker could

 possibly use this issue to send outbound proxy requests to an

 arbitrary URL. (CVE-2024-43204)

 John Runyon discovered that the Apache HTTP Server mod_ssl module

 inc...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  apache2                         2.4.41-4ubuntu3.23+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  apache2                         2.4.29-1ubuntu4.27+esm6
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  apache2                         2.4.18-2ubuntu3.17+esm16
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-7639-2

  https://ubuntu.com/security/notices/USN-7639-1

  CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-23048,

  CVE-2025-49630, CVE-2025-49812, CVE-2025-53020,

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2119395

Severity
critical
Lowest
Low
Medium
High
Critical

===

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here