{"id":"CLSA-2024-1728479129","summary":"Fix CVE(s): CVE-2023-38709, CVE-2024-24795, CVE-2024-27316","details":"   * SECURITY UPDATE: Memory exhaustion due to excessive HTTP/2 incoming headers\n     buffering\n     - debian/patches/CVE-2024-27316.patch: Fix to bail after too many failed\n       reads, increment count on request headers failed to add\n     - CVE-2024-27316\n   * SECURITY UPDATE: Faulty input validation in the core of Apache allows\n     malicious or exploitable backend/content generators to split HTTP responses\n     - debian/patches/CVE-2023-38709.patch: header validation after content-*\n       are eval'ed\n     - CVE-2023-38709\n   * SECURITY UPDATE: HTTP response splitting in multiple modules in Apache HTTP\n       Server allows an attacker that can inject malicious response headers into\n       backend applications to cause an HTTP desynchronization attack\n     - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http\n       handlers\n     - CVE-2024-24795","modified":"2026-06-04T09:46:09.238044668Z","published":"2024-10-09T13:05:34Z","upstream":["CVE-2023-38709","CVE-2024-24795","CVE-2024-27316"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/ubuntu18-els/CLSA-2024-1728479129.html"}],"affected":[{"package":{"name":"apache2","ecosystem":"TuxCare:Ubuntu:18.04","purl":"pkg:deb/tuxcare/apache2?distro=ubuntu-18.04"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.29-1ubuntu4.27+tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"}},{"package":{"name":"apache2-bin","ecosystem":"TuxCare:Ubuntu:18.04","purl":"pkg:deb/tuxcare/apache2-bin?distro=ubuntu-18.04"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.29-1ubuntu4.27+tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"}},{"package":{"name":"apache2-data","ecosystem":"TuxCare:Ubuntu:18.04","purl":"pkg:deb/tuxcare/apache2-data?distro=ubuntu-18.04"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.29-1ubuntu4.27+tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"}},{"package":{"name":"apache2-dev","ecosystem":"TuxCare:Ubuntu:18.04","purl":"pkg:deb/tuxcare/apache2-dev?distro=ubuntu-18.04"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.29-1ubuntu4.27+tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"}},{"package":{"name":"apache2-doc","ecosystem":"TuxCare:Ubuntu:18.04","purl":"pkg:deb/tuxcare/apache2-doc?distro=ubuntu-18.04"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.29-1ubuntu4.27+tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"}},{"package":{"name":"apache2-ssl-dev","ecosystem":"TuxCare:Ubuntu:18.04","purl":"pkg:deb/tuxcare/apache2-ssl-dev?distro=ubuntu-18.04"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.29-1ubuntu4.27+tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"}},{"package":{"name":"apache2-suexec-custom","ecosystem":"TuxCare:Ubuntu:18.04","purl":"pkg:deb/tuxcare/apache2-suexec-custom?distro=ubuntu-18.04"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.29-1ubuntu4.27+tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"}},{"package":{"name":"apache2-suexec-pristine","ecosystem":"TuxCare:Ubuntu:18.04","purl":"pkg:deb/tuxcare/apache2-suexec-pristine?distro=ubuntu-18.04"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.29-1ubuntu4.27+tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"}},{"package":{"name":"apache2-utils","ecosystem":"TuxCare:Ubuntu:18.04","purl":"pkg:deb/tuxcare/apache2-utils?distro=ubuntu-18.04"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.29-1ubuntu4.27+tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1728479129.json"}}],"schema_version":"1.7.5"}