Release date:
2024-08-27 19:55:49 UTC
Description:
* SECURITY UPDATE: http server use exploitable/malicious backend application
  - debian/patches/CVE-2024-38476.patch: prevent server usage of
    exploitable/malicious backend application output to run local
    handlers via internal redirect
  - CVE-2024-38476
* SECURITY UPDATE: modules regression introduced by CVE-2024-38476 fix
  - debian/patches/CVE-2024-39884.patch: source code disclosure with
    handlers configured via AddType. Resolving regression introduced
    by CVE-2024-38476 fix
  - CVE-2024-39884
* SECURITY UPDATE: modules regression introduced by CVE-2024-39884 fix
  - debian/patches/CVE-2024-40725.patch: source code disclosure with
    handlers configured via AddType. Resolving regression introduced
    by CVE-2024-39884 fix
  - CVE-2024-40725
* SECURITY UPDATE: attacker allowed to execute scripts in directories
  permitted by the configuration but not directly reachable by any URL
  or source disclosure of scripts meant only to be executed as CGI
  - debian/patches/CVE-2024-38474-38475.patch: server weakness with
    encoded question marks in backreferences
  - CVE-2024-38474
  - debian/patches/CVE-2024-38474-38475.patch: server weakness in
    mod_rewrite when first segment of substitution matches
    filesystem path
  - CVE-2024-38475
Updated packages:
- apache2_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
  sha:b227e43b726e698f62b4afb3bd63856b09fa2b01
- apache2-bin_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
  sha:27e0f745f6c73ef2e4b2809b7b75b361c1eb9b60
- apache2-data_2.4.29-1ubuntu4.27+tuxcare.els2_all.deb
  sha:18bd8aa2acea85fc524b96665d8eccfb7dcdf643
- apache2-dev_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
  sha:7496305a7148d461e32448b358dde25d297f1648
- apache2-doc_2.4.29-1ubuntu4.27+tuxcare.els2_all.deb
  sha:0ffc48bb32f7630a929b99f1825b80851a351bca
- apache2-ssl-dev_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
  sha:22b94cde4e6ce1aba01f3df1f9a08499c66b6aaa
- apache2-suexec-custom_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
  sha:fccd1ac1b8406ec47cc07ea5f4755117822612f3
- apache2-suexec-pristine_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
  sha:35b608aecf2ee93b8d4ba2be55f3e61a3fb1bf48
- apache2-utils_2.4.29-1ubuntu4.27+tuxcare.els2_amd64.deb
  sha:7ab399dd1dee901fc1619aa8eb92a1de26ea610e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.