Advisory: CLSA-2024:1728479129
OS: Ubuntu 18.04 ELS
Public date: 2024-10-09 09:05:33
Project: apache2
Version: 2.4.29-1ubuntu4.27+tuxcare.els4
Errata link: https://errata.tuxcare.com/els_os/ubuntu18.04els/CLSA-2024-1728479129.html
* SECURITY UPDATE: Memory exhaustion due to excessive HTTP/2 incoming headers buffering
  - debian/patches/CVE-2024-27316.patch: Fix to bail after too many failed reads, increment count on request headers failed to add
  - CVE-2024-27316
* SECURITY UPDATE: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses
  - debian/patches/CVE-2023-38709.patch: header validation after content-* are eval'ed
  - CVE-2023-38709
* SECURITY UPDATE: HTTP response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack
  - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http handlers
  - CVE-2024-24795
Update command:
  apt-get update
  apt-get --only-upgrade install apache2*
apache2_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
apache2-bin_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
apache2-data_2.4.29-1ubuntu4.27+tuxcare.els4_all.deb
apache2-dev_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
apache2-doc_2.4.29-1ubuntu4.27+tuxcare.els4_all.deb
apache2-ssl-dev_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
apache2-suexec-custom_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
apache2-suexec-pristine_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
apache2-utils_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb