==========================================================================
Ubuntu Security Notice USN-6729-2
April 17, 2024
apache2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Apache HTTP Server.
Software Description:
- apache2: Apache HTTP server
Details:
USN-6729-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
 Orange Tsai discovered that the Apache HTTP Server incorrectly handled
 validating certain input. A remote attacker could possibly use this
 issue to perform HTTP request splitting attacks. (CVE-2023-38709)
 Keran Mu and Jianjun Chen discovered that the Apache HTTP Server
 incorrectly handled validating certain input. A remote attacker could
 possibly use this issue to perform HTTP request splitting attacks.
 (CVE-2024-24795)
 Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module
 incorrectly handled endless continuation frames. A remote attacker could
 possibly use this issue to cause the server to consume resources, leading
 to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS.
 (CVE-2024-27316)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  apache2                         2.4.29-1ubuntu4.27+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  apache2                         2.4.18-2ubuntu3.17+esm12
In general, a standard system update will make all the necessary changes.
References:
  https://ubuntu.com/security/notices/USN-6729-2
  https://ubuntu.com/security/notices/USN-6729-1
  CVE-2023-38709, CVE-2024-24795, CVE-2024-27316