Home / mailingsPDF  

[USN-6885-6] Apache HTTP Server regression

Posted on 13 August 2025
Ubuntu Security

============================================================================Ubuntu Security Notice USN-6885-6
August 13, 2025

apache2 regression
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

USN-6885-1 introduced a regression in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

USN-6885-1 fixed vulnerabilities in Apache. The patch for
CVE-2024-38474 was incomplete and caused a regression.
This update provides the fix for this issue.

Original advisory details:

=C2=A0Orange Tsai discovered that the Apache HTTP Server mod_rewrite
=C2=A0module incorrectly handled certain substitutions. A remote attacker
=C2=A0could possibly use this issue to execute scripts in directories
=C2=A0not directly reachable by any URL, or cause a denial of service.
=C2=A0Some environments may require using the new UnsafeAllow3F flag
=C2=A0to handle unsafe substitutions. (CVE-2024-38474)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
=C2=A0 apache2=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0==C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2==A0=C2=A0 2.4.58-1ubuntu8.8

Ubuntu 22.04 LTS
=C2=A0 apache2=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0==C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2==A0=C2=A0 2.4.52-1ubuntu4.16

In general, a standard system update will make all the necessary
changes.

References:
=C2=A0 https://ubuntu.com/security/notices/USN-6885-6
=C2=A0 https://ubuntu.com/security/notices/USN-6885-5
=C2=A0 https://ubuntu.com/security/notices/USN-6885-4
=C2=A0 https://ubuntu.com/security/notices/USN-6885-3
=C2=A0 https://ubuntu.com/security/notices/USN-6885-2
=C2=A0 https://ubuntu.com/security/notices/USN-6885-1
=C2=A0 https://launchpad.net/bugs/2119395

Package Information:
=C2=A0 https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.8
=C2=A0 https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.16



--=-YlHGpbaP+/Fx3oYee838
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

 

TOP

Mailings :

Exploits :