Package "apache2"
| Name: |
apache2
|
Description: |
Apache HTTP Server
|
| Latest version: |
2.4.58-1ubuntu8.6 |
| Release: |
noble (24.04) |
| Level: |
updates |
| Repository: |
main |
| Homepage: |
https://httpd.apache.org/ |
Links
Download "apache2"
Other versions of "apache2" in Noble
Packages in group
Deleted packages are displayed in grey.
Changelog
|
apache2 (2.4.58-1ubuntu8.1) noble-security; urgency=medium
* SECURITY UPDATE: HTTP response splitting
- debian/patches/CVE-2023-38709.patch: header validation after
content-* are eval'ed in modules/http/http_filters.c.
- CVE-2023-38709
* SECURITY UPDATE: HTTP Response Splitting in multiple modules
- debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for
non-http handlers in include/util_script.h,
modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c,
modules/generators/mod_cgid.c, modules/http/http_filters.c,
modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c,
modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c.
- CVE-2024-24795
* SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless
continuation frames
- debian/patches/CVE-2024-27316.patch: bail after too many failed reads
in modules/http2/h2_session.c, modules/http2/h2_stream.c,
modules/http2/h2_stream.h.
- CVE-2024-27316
-- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 11:13:41 -0400
|
| CVE-2023-38709 |
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects |
| CVE-2024-24795 |
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applicat |
| CVE-2024-27316 |
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client do |
|
About
-
Send Feedback to @ubuntu_updates
