Release Info

Advisory: CLSA-2024:1725012024

OS: Ubuntu 16.04 ELS

Public date: 2024-08-30 06:00:26

Project: apache2

Version: 1:2.4.18-2ubuntu3.17+tuxcare.els15

Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2024-1725012024.html

Changelog

* SECURITY UPDATE: null pointer dereference in mod_proxy - debian/patches/CVE-2024-38477.patch: prevent crash resulting in Denial of Service in mod_proxy via a malicious request - CVE-2024-38477

Update

Update command: apt-get update apt-get --only-upgrade install apache2*

Packages list

apache2_2.4.18-2ubuntu3.17+tuxcare.els15_amd64.deb apache2-bin_2.4.18-2ubuntu3.17+tuxcare.els15_amd64.deb apache2-data_2.4.18-2ubuntu3.17+tuxcare.els15_all.deb apache2-dev_2.4.18-2ubuntu3.17+tuxcare.els15_amd64.deb apache2-doc_2.4.18-2ubuntu3.17+tuxcare.els15_all.deb apache2-suexec-custom_2.4.18-2ubuntu3.17+tuxcare.els15_amd64.deb apache2-suexec-pristine_2.4.18-2ubuntu3.17+tuxcare.els15_amd64.deb apache2-utils_2.4.18-2ubuntu3.17+tuxcare.els15_amd64.deb

CVEs

CVE-2024-27316
CVE-2024-39884
CVE-2024-38476
CVE-2024-40725
CVE-2024-38477
CVE-2023-38709
CVE-2024-24795
CVE-2024-38474
CVE-2024-38475