Release Info

Advisory: CLSA-2025:1760711358

OS: Debian 10 ELS

Public date: 2025-10-17 14:29:24.022906

Project: apache2

Version: 2.4.59-1~deb10u1+tuxcare.els2

Errata link: https://errata.tuxcare.com/els_os/debian10els/CLSA-2025-1760711358.html

Changelog

* SECURITY UPDATE: mod_rewrite proxy handler substitution and prefix_stat vulnerabilities
  - debian/patches/CVE-2024-38474-38475-*.patch: tighten up prefix_stat and %3f handling, add better question mark tracking to avoid UnsafeAllow3F
  - CVE-2024-38474, CVE-2024-38475

Update

Update command: apt-get update && apt-get --only-upgrade install apache2*

Packages list

apache2_2.4.59-1~deb10u1+tuxcare.els2_amd64.deb
apache2-bin_2.4.59-1~deb10u1+tuxcare.els2_amd64.deb
apache2-data_2.4.59-1~deb10u1+tuxcare.els2_all.deb
apache2-dev_2.4.59-1~deb10u1+tuxcare.els2_amd64.deb
apache2-doc_2.4.59-1~deb10u1+tuxcare.els2_all.deb
apache2-ssl-dev_2.4.59-1~deb10u1+tuxcare.els2_amd64.deb
apache2-suexec-custom_2.4.59-1~deb10u1+tuxcare.els2_amd64.deb
apache2-suexec-pristine_2.4.59-1~deb10u1+tuxcare.els2_amd64.deb
apache2-utils_2.4.59-1~deb10u1+tuxcare.els2_amd64.deb
libapache2-mod-md_2.4.59-1~deb10u1+tuxcare.els2_amd64.deb
libapache2-mod-proxy-uwsgi_2.4.59-1~deb10u1+tuxcare.els2_amd64.deb

CVEs

CVE-2024-38475
CVE-2024-38474
CVE-2024-40725
CVE-2024-38476
CVE-2024-39884