Univention Bugzilla – Bug 57218
Apache - HTTP security issue with apache2 2.4.38-3+deb10u10A
Last modified: 2024-04-09 10:33:01 CEST
A remote, anonymous attacker can exploit multiple vulnerabilities in Apache HTTP Server to manipulate data. BSI: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0801 Debian Security CVE-2024-24795 https://security-tracker.debian.org/tracker/CVE-2024-24795 Debian Security CVE-2023-38709 https://security-tracker.debian.org/tracker/CVE-2023-38709 UCS: 5.0-7 errata1018 dpkg -l | grep apache ii apache2 2.4.38-3+deb10u10A~5.0.3.202304251027 amd64 Apache HTTP Server ii apache2-bin 2.4.38-3+deb10u10A~5.0.3.202304251027 amd64 Apache HTTP Server (modules and other binary files) ii apache2-data 2.4.38-3+deb10u10A~5.0.3.202304251027 all Apache HTTP Server (common files) ii apache2-suexec-pristine 2.4.38-3+deb10u10A~5.0.3.202304251027 amd64 Apache HTTP Server standard suexec program for mod_suexec ii apache2-utils 2.4.38-3+deb10u10A~5.0.3.202304251027 amd64 Apache HTTP Server (utility programs for web servers) ii libapache2-mod-authnz-pam 1.2.0-1 amd64 PAM authorization checker and PAM Basic Authentication provider ii libapache2-mod-wsgi-py3 4.6.5-1+deb10u1 amd64 Python 3 WSGI adapter module for Apache ii univention-apache 12.0.3-2A~5.0.0.202302061640 all UCS - Apache2 configuration ii univention-apache-vhost 12.0.3-2A~5.0.0.202302061640 all UCS - Apache2 vhost