ELS for OS
- CVEs
- Releases
- Projects
- Documentation
Live Patches
ELS for PHP
- CVEs
- Releases
- Projects
- Documentation
ELS for Python
- CVEs
- Releases
- Projects
- Documentation
ELS for Dotnet
- CVEs
- Releases
- Projects
- Documentation
ELS for Node.js
- CVEs
- Releases
- Projects
- Documentation

Release Info

Advisory: CLSA-2025:1757428404

OS: Ubuntu 16.04 ELS

Public date: 2025-09-09 14:33:26.782448

Project: apache2

Version: 1:2.4.18-2ubuntu3.17+tuxcare.els16

Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2025-1757428404.html

Changelog

* SECURITY UPDATE: access control bypass by trusted clients via TLS 1.3 session resumption - debian/patches/CVE-2025-23048.patch: update SNI validation to fix compatibility issue - CVE-2025-23048

Update

Update command: apt-get update apt-get --only-upgrade install apache2*

Packages list

apache2_2.4.18-2ubuntu3.17+tuxcare.els16_amd64.deb apache2-bin_2.4.18-2ubuntu3.17+tuxcare.els16_amd64.deb apache2-data_2.4.18-2ubuntu3.17+tuxcare.els16_all.deb apache2-dev_2.4.18-2ubuntu3.17+tuxcare.els16_amd64.deb apache2-doc_2.4.18-2ubuntu3.17+tuxcare.els16_all.deb apache2-suexec-custom_2.4.18-2ubuntu3.17+tuxcare.els16_amd64.deb apache2-suexec-pristine_2.4.18-2ubuntu3.17+tuxcare.els16_amd64.deb apache2-utils_2.4.18-2ubuntu3.17+tuxcare.els16_amd64.deb

CVEs

CVE-2025-23048