USN-6885-1 fixed vulnerabilities in Apache. The patch for CVE-2024-38474 was incomplete and caused a regression. This update provides the fix for this issue.
Original advisory details:
Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions. (CVE-2024-38474)
{ "binaries": [ { "binary_name": "apache2", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "apache2-bin", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "apache2-bin-dbgsym", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "apache2-data", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "apache2-dev", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "apache2-doc", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "apache2-ssl-dev", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "apache2-suexec-custom", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "apache2-suexec-custom-dbgsym", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "apache2-suexec-pristine", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "apache2-suexec-pristine-dbgsym", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "apache2-utils", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "apache2-utils-dbgsym", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "libapache2-mod-md", "binary_version": "2.4.52-1ubuntu4.16" }, { "binary_name": "libapache2-mod-proxy-uwsgi", "binary_version": "2.4.52-1ubuntu4.16" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "apache2", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "apache2-bin", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "apache2-bin-dbgsym", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "apache2-data", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "apache2-dev", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "apache2-doc", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "apache2-ssl-dev", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "apache2-suexec-custom", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "apache2-suexec-custom-dbgsym", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "apache2-suexec-pristine", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "apache2-suexec-pristine-dbgsym", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "apache2-utils", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "apache2-utils-dbgsym", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "libapache2-mod-md", "binary_version": "2.4.58-1ubuntu8.8" }, { "binary_name": "libapache2-mod-proxy-uwsgi", "binary_version": "2.4.58-1ubuntu8.8" } ], "availability": "No subscription required" }