1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5729-1] apache2 security update

    From Salvatore Bonaccorso@21:1/5 to All on Thu Jul 11 21:50:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5729-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
    July 11, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : apache2
    CVE ID : CVE-2024-36387 CVE-2024-38473 CVE-2024-38474 CVE-2024-38475
    CVE-2024-38476 CVE-2024-38477 CVE-2024-39573

    Multiple vulnerabilities have been discovered in the Apache HTTP server,
    which may result in authentication bypass, execution of scripts in
    directories not directly reachable by any URL, server-side request
    forgery or denial of service.

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 2.4.61-1~deb11u1.

    For the stable distribution (bookworm), these problems have been fixed in version 2.4.61-1~deb12u1.

    We recommend that you upgrade your apache2 packages.

    For the detailed security status of apache2 please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/apache2

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmaQNRxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SZZxAAoEqC3wBFMdy9K6ZiNYlNYX/jnQEI8lvwTJJIivK19FZfA+/Tqjn94EUl zkG0MOkwU4KhuCKliFtUDQpTF0U7+BxTnJaCdjIXbSHJirrwQJpfH9urESpHoHx+ GD4eN7XL9zb3XIYSToX1rwcCiz5/Mh96+q8e1IF7mTEYcozZdrgLVGWDk7sCu/E9 MeXgUTn1nZPcNmWlky6yfeSdt8coywMUUJU9AXnb4znW2jA75M+38XajINHyRjuy iuxSVqwBmBFUMOpMf7mm+0KsMfg7DGX230wHszWi8QNNLsjUDpDx/wxuwVvAgw6E Kxk3OPbQ2o3zweyYS4BIypswBhyFM/UP4imnJ65dY+eFMYNy1gpXLKrU4ufr9ZwZ u/dbRglC7Lno9/6+a6y/KU7iSVeGJS59Bj0k8jMsnj10QjMLOQYOEeK80GHzsDdf 87fr8zVwYgkXngM3xfaGeYYziVn88xTTGp/WGo6Rrv/jAU0MLFXQnMvzKTk4wwGN sHH+wOTKlLWcpzPWOGPyIIxdA3fUqZMnqGLnq2NUDnjvAYJEmfrfp7b03sXRyXKx hQhBYL3yADm6Iabax5A/65XZQFKF6yIVAzfAbIUd4ZMMsSCrDBw8bKsfucVRu/YZ aw/5A9G6s8vumlbuLPTHoeJEAhBlefrVEkD26DPoTa455VLWnrI=
    =w/tp
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)