Groups | Search | Server Info | Login | Register
Groups > linux.debian.announce.security > #4815
| Path | csiph.com!news.samoylyk.net!gothmog.csi.it!bofh.it!news.nic.it!robomod |
|---|---|
| From | Salvatore Bonaccorso <carnil@debian.org> |
| Newsgroups | linux.debian.announce.security |
| Subject | [SECURITY] [DSA 6248-1] apache2 security update |
| Date | Wed, 06 May 2026 17:10:01 +0200 |
| Message-ID | <MRM2R-32VR-21@gated-at.bofh.it> (permalink) |
| X-Mailbox-Line | From debian-security-announce-request@lists.debian.org Wed May 6 15:04:38 2026 |
| Old-Return-Path | <carnil@seger.debian.org> |
| X-Amavis-Spam-Status | No, score=-114.261 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FOURLA=0.1, FVGT_m_MULTI_ODD=0.02, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_MED=-2.3, SARE_RMML_Stock9=0.13, USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100] autolearn=ham autolearn_force=no |
| Old-Dkim-Signature | v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=J/QSDJg5+64c36BtTt26/IZh5bxrCjn9R3VNhiFsAJY=; b=QG T+8/W7jNPS1Mvo8pQU2/VcLZWvcvcugflhvixfG4yx48I8ona3OXc74niS0ewWXHYTBZfTsb8mOBF 3znlYHpYhn6mr6W+MLoQ7xUh1qRS6ri0WIXKhvL1I3hkZh7YSm63gdVJw2al+avCOtukO7snmHO+4 0ToooZw/ndEpr6e0+ASUEoZs4UJeRRO7znwcEt2GIrSfZai3ZstQA8r1RxRdYPirB+lWSgVd4tQsp Edw1iSmOm6foWYT2l3iaVPp6LC8uPgJ2LiqxYlPRn2KgnRSSdszNxCeUtLsLmseWmO6hn1wA+SuSx FIqgkXgPIS0c855fG88gLvJ/5uXTB9Wg==; |
| X-Debian | PGP check passed for security officers |
| Priority | urgent |
| Reply-To | debian-security-announce-request@lists.debian.org |
| X-Mailing-List | <debian-security-announce@lists.debian.org> archive/latest/5173 |
| List-ID | <debian-security-announce.lists.debian.org> |
| List-URL | <http://lists.debian.org/debian-security-announce/> |
| List-Archive | https://lists.debian.org/msgid-search/E1wKdnM-00000000ezb-25y5@seger.debian.org |
| Approved | robomod@news.nic.it |
| Lines | 56 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Wed, 06 May 2026 15:04:16 +0000 |
| X-Original-Message-ID | <E1wKdnM-00000000ezb-25y5@seger.debian.org> |
| Xref | csiph.com linux.debian.announce.security:4815 |
Show key headers only | View raw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-6248-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 06, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : apache2
CVE ID : CVE-2026-23918 CVE-2026-24072 CVE-2026-28780 CVE-2026-29168
CVE-2026-29169 CVE-2026-33006 CVE-2026-33007 CVE-2026-33523
CVE-2026-33857 CVE-2026-34032 CVE-2026-34059
Debian Bug : 1135737
Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in remote code execution, privilege escalation, denial
of service or information disclosure.
For the oldstable distribution (bookworm), these problems have been fixed
in version 2.4.67-1~deb12u2.
For the stable distribution (trixie), these problems have been fixed in
version 2.4.67-1~deb13u2. The fix for CVE-2026-23918 was already
included in the Debian 13.4 point release update versioned
2.4.66-1~deb13u2 to address reported HTTP/2 regressions.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmn7VtRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TIag//ZkWObvESWferkldlT8nQ0e32uVRAQeCGGsK4DH16MUQPwx6DIH3EerH4
DIrw+XqxfSu5GjfBXckB3QE682SDyoYIrGLIKJMe6su+kANUrFX7h7wouxGiN0Rl
J5sQS2913e1cMCg6wmSXMXobcQUhEgMheBx0Ojz3mDdDQyz7kctMvUpSumC/4iUv
U1YHtx7qaHXEdIQIiwjj42RYBMRgqZjF4ZqSR1X1nSVrCentyKrrRxRPOY0iLTZS
2mINgemvm2xTlSlrJ6DsXAL40EFBolpMYF8JBJomEMcm1nMWxEpy3tnVSwKWVLta
gTpL2rl9td3Q9+qWjvIccb37Q26QBLurHTsOsM8juG50654NDMiQ88zgTatjlAgO
tRymMj9dfuJ1fsFfwpGSNxRd28B0j458ioEThxp8uLkbyjMtzfqDAcVZd1hhO9Gy
fpaY3muFlYXrgTsHBgn0Ja6MMq7sG6wo5N5nH1PmNuUrI6Kixy4hdFxkPqCpkldb
5qdbcOU69tyKyDV4rIyATDlSaHAo6GjOwEQA3uKMAhYHGYBCbp2ePoLQvFA9ZqeD
cOEIcnQ4906IYXRT82DYgtZUnAs2ieRlFWNmeCXqQqi+3AukfP/BqfmTd5vvG+eB
dz+HkGV27xZAQIWRxYk1Y1qsi7YegMhM3pztQ5w07POusoR6de8=
=g/X6
-----END PGP SIGNATURE-----
Back to linux.debian.announce.security | Previous | Next | Find similar
[SECURITY] [DSA 6248-1] apache2 security update Salvatore Bonaccorso <carnil@debian.org> - 2026-05-06 17:10 +0200
csiph-web