[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6248-1] apache2 security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6248-1] apache2 security update From: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 06 May 2026 15:04:16 +0000 Message-id: <[🔎] E1wKdnM-00000000ezb-25y5@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6248-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : apache2 CVE ID : CVE-2026-23918 CVE-2026-24072 CVE-2026-28780 CVE-2026-29168 CVE-2026-29169 CVE-2026-33006 CVE-2026-33007 CVE-2026-33523 CVE-2026-33857 CVE-2026-34032 CVE-2026-34059 Debian Bug : 1135737 Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in remote code execution, privilege escalation, denial of service or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 2.4.67-1~deb12u2. For the stable distribution (trixie), these problems have been fixed in version 2.4.67-1~deb13u2. The fix for CVE-2026-23918 was already included in the Debian 13.4 point release update versioned 2.4.66-1~deb13u2 to address reported HTTP/2 regressions. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmn7VtRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TIag//ZkWObvESWferkldlT8nQ0e32uVRAQeCGGsK4DH16MUQPwx6DIH3EerH4 DIrw+XqxfSu5GjfBXckB3QE682SDyoYIrGLIKJMe6su+kANUrFX7h7wouxGiN0Rl J5sQS2913e1cMCg6wmSXMXobcQUhEgMheBx0Ojz3mDdDQyz7kctMvUpSumC/4iUv U1YHtx7qaHXEdIQIiwjj42RYBMRgqZjF4ZqSR1X1nSVrCentyKrrRxRPOY0iLTZS 2mINgemvm2xTlSlrJ6DsXAL40EFBolpMYF8JBJomEMcm1nMWxEpy3tnVSwKWVLta gTpL2rl9td3Q9+qWjvIccb37Q26QBLurHTsOsM8juG50654NDMiQ88zgTatjlAgO tRymMj9dfuJ1fsFfwpGSNxRd28B0j458ioEThxp8uLkbyjMtzfqDAcVZd1hhO9Gy fpaY3muFlYXrgTsHBgn0Ja6MMq7sG6wo5N5nH1PmNuUrI6Kixy4hdFxkPqCpkldb 5qdbcOU69tyKyDV4rIyATDlSaHAo6GjOwEQA3uKMAhYHGYBCbp2ePoLQvFA9ZqeD cOEIcnQ4906IYXRT82DYgtZUnAs2ieRlFWNmeCXqQqi+3AukfP/BqfmTd5vvG+eB dz+HkGV27xZAQIWRxYk1Y1qsi7YegMhM3pztQ5w07POusoR6de8= =g/X6 -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Salvatore Bonaccorso (on-list) Salvatore Bonaccorso (off-list) Prev by Date: [SECURITY] [DSA 6247-1] lxd security update Previous by thread: [SECURITY] [DSA 6247-1] lxd security update Index(es): Date Thread