Groups | Search | Server Info | Login | Register

Groups > linux.debian.announce.security > #4815

[SECURITY] [DSA 6248-1] apache2 security update

From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6248-1] apache2 security update
Date 2026-05-06 17:10 +0200
Message-ID <MRM2R-32VR-21@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6248-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 06, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apache2
CVE ID         : CVE-2026-23918 CVE-2026-24072 CVE-2026-28780 CVE-2026-29168
                 CVE-2026-29169 CVE-2026-33006 CVE-2026-33007 CVE-2026-33523
                 CVE-2026-33857 CVE-2026-34032 CVE-2026-34059
Debian Bug     : 1135737

Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in remote code execution, privilege escalation, denial
of service or information disclosure.

For the oldstable distribution (bookworm), these problems have been fixed
in version 2.4.67-1~deb12u2.

For the stable distribution (trixie), these problems have been fixed in
version 2.4.67-1~deb13u2. The fix for CVE-2026-23918 was already
included in the Debian 13.4 point release update versioned
2.4.66-1~deb13u2 to address reported HTTP/2 regressions.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/apache2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmn7VtRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TIag//ZkWObvESWferkldlT8nQ0e32uVRAQeCGGsK4DH16MUQPwx6DIH3EerH4
DIrw+XqxfSu5GjfBXckB3QE682SDyoYIrGLIKJMe6su+kANUrFX7h7wouxGiN0Rl
J5sQS2913e1cMCg6wmSXMXobcQUhEgMheBx0Ojz3mDdDQyz7kctMvUpSumC/4iUv
U1YHtx7qaHXEdIQIiwjj42RYBMRgqZjF4ZqSR1X1nSVrCentyKrrRxRPOY0iLTZS
2mINgemvm2xTlSlrJ6DsXAL40EFBolpMYF8JBJomEMcm1nMWxEpy3tnVSwKWVLta
gTpL2rl9td3Q9+qWjvIccb37Q26QBLurHTsOsM8juG50654NDMiQ88zgTatjlAgO
tRymMj9dfuJ1fsFfwpGSNxRd28B0j458ioEThxp8uLkbyjMtzfqDAcVZd1hhO9Gy
fpaY3muFlYXrgTsHBgn0Ja6MMq7sG6wo5N5nH1PmNuUrI6Kixy4hdFxkPqCpkldb
5qdbcOU69tyKyDV4rIyATDlSaHAo6GjOwEQA3uKMAhYHGYBCbp2ePoLQvFA9ZqeD
cOEIcnQ4906IYXRT82DYgtZUnAs2ieRlFWNmeCXqQqi+3AukfP/BqfmTd5vvG+eB
dz+HkGV27xZAQIWRxYk1Y1qsi7YegMhM3pztQ5w07POusoR6de8=
=g/X6
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6248-1] apache2 security update Salvatore Bonaccorso <carnil@debian.org> - 2026-05-06 17:10 +0200

csiph-web