Apache HTTP Server regression
Summary
USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented mod_http2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2023-38709) Will Dormann and David Warren discovered that Apache HTTP Server's HTTP/2 implementation did not properly reclaim memory when streams were reset by clients. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2023-45802) Keran Mu and Jianjun Chen discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-24795) Orange Tsai discovered that Apache HTTP Server mod_proxy incorrectly handled URL encoding. A remote attacker could possibly use this issue to bypass authentication via crafted requests. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-38473) Orange Tsai discovered that Apache HTTP Server could be Affected Ubuntu releases: 18.04.
- Ubuntu 18.04
Official advisory · low-confidence parse· fetched 3 hours ago·verify at source
Mitigation checklist
- Apply available updates: `sudo apt update && sudo apt upgrade` (a standard system update installs the fix).
Official advisory · low-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.