Release Info

Advisory: CLSA-2024:1724788546

OS: Ubuntu 18.04 ELS

Public date: 2024-08-27 15:55:48

Project: apache2

Version: 2.4.29-1ubuntu4.27+tuxcare.els2

Errata link: https://errata.tuxcare.com/els_os/ubuntu18.04els/CLSA-2024-1724788546.html

Changelog

* SECURITY UPDATE: http server use exploitable/malicious backend application
  - debian/patches/CVE-2024-38476.patch: prevent server usage of exploitable/malicious backend application output to run local handlers via internal redirect
  - CVE-2024-38476
* SECURITY UPDATE: modules regression introduced by CVE-2024-38476 fix
  - debian/patches/CVE-2024-39884.patch: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-38476 fix
  - CVE-2024-39884
* SECURITY UPDATE: modules regression introduced by CVE-2024-39884 fix
  - debian/patches/CVE-2024-40725.patch: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-39884 fix
  - CVE-2024-40725
* SECURITY UPDATE: attacker allowed to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI
  - debian/patches/CVE-2024-38474-38475.patch: server weakness with encoded question marks in backreferences
  - CVE-2024-38474
  - debian/patches/CVE-2024-38474-38475.patch: server weakness in mod_rewrite when first segment of substitution matches filesystem path
  - CVE-2024-38475

Update

Update command:

    apt-get update
    apt-get --only-upgrade install apache2*

Packages list

apache2_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
apache2-bin_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
apache2-data_2.4.29-1ubuntu4.27+tuxcare.els2_all.deb
apache2-dev_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
apache2-doc_2.4.29-1ubuntu4.27+tuxcare.els2_all.deb
apache2-ssl-dev_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
apache2-suexec-custom_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
apache2-suexec-pristine_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
apache2-utils_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb

CVEs

CVE-2024-39884
CVE-2024-38476
CVE-2024-40725
CVE-2024-38475
CVE-2024-38474