Alerts This Week
Warning Icon 1 840
Alerts This Week
Warning Icon 1 840

Ubuntu 20.04 Apache2 Denial of Service Information Issues USN-8396-1

ubuntu
Calendar Grey June 12, 2026
Dist Ubuntu Esm H88
Numerous security fixes are applied to Apache HTTP Server in various Ubuntu versions. Ensure your systems are secured.
Several security issues were fixed in Apache HTTP Server.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Apache HTTP Server. Software Description: - apache2: Apache HTTP server Details: It was discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain privileges. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2026-24072) Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly handled certain AJP server messages. An attacker in control of a backend AJP server could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-28780) Pavel Kohout discovered that the Apache HTTP Server incorrectly handled certain memory operations in mod_dav_lock. A remote attacker could poss...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service software update Ubuntu information disclosure apache2

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS apache2 2.4.41-4ubuntu3.23+esm4 Available with Ubuntu Pro apache2-bin 2.4.41-4ubuntu3.23+esm4 Available with Ubuntu Pro apache2-dev 2.4.41-4ubuntu3.23+esm4 Available with Ubuntu Pro apache2-ssl-dev 2.4.41-4ubuntu3.23+esm4 Available with Ubuntu Pro apache2-utils 2.4.41-4ubuntu3.23+esm4 Available with Ubuntu Pro libapache2-mod-md 2.4.41-4ubuntu3.23+esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS apache2 2.4.29-1ubuntu4.27+esm9 Available with Ubuntu Pro apache2-bin 2.4.29-1ubuntu4.27+esm9 Available with Ubuntu Pro apache2-dev 2.4.29-1ubuntu4.27+esm9 Available with Ubuntu Pro apache2-ssl-dev 2.4.29-1ubuntu4.27+esm9 Available with Ubuntu Pro apache2-utils 2.4.29-1ubuntu4.27+esm9 Available with Ubuntu Pro Ubuntu 16.04 LTS apache2 2.4.18-2ubuntu3.17+esm18 Available with Ubuntu Pro apache2-bin 2.4.18-2ubuntu3.17+esm18 Available with Ubuntu Pro apache2-data 2.4.18-2ubuntu3.17+esm18 Available with Ubuntu Pro apache2-dev 2.4.18-2ubuntu3.17+esm18 Available with Ubuntu Pro apache2-utils 2.4.18-2ubuntu3.17+esm18 Available with Ubuntu Pro Ubuntu 14.04 LTS apache2 2.4.7-1ubuntu4.22+esm13 Available with Ubuntu Pro apache2-bin 2.4.7-1ubuntu4.22+esm13 Available with Ubuntu Pro apache2-dev 2.4.7-1ubuntu4.22+esm13 Available with Ubuntu Pro apache2-utils 2.4.7-1ubuntu4.22+esm13 Available with Ubuntu Pro apache2.2-bin 2.4.7-1ubuntu4.22+esm13 Available with Ubuntu Pro After a standard system update you need to restart apache2 to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8396-1

CVE-2026-24072, CVE-2026-28780, CVE-2026-29169, CVE-2026-34059

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8396-1

Topics%20covered

Topics Covered

security advisory denial of service software update Ubuntu information disclosure apache2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here