[SECURITY] [ERRATUM] [SECURITY] [DLA 4571-1] apache2 security update

Thu, 14 May 2026 10:57:30 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4571-1                [email protected]
https://www.debian.org/lts/security/                   Bastien Roucariès
May 08, 2026                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : apache2
Version        : 2.4.67-1~deb11u1
CVE ID         : CVE-2026-24072 CVE-2026-28780 CVE-2026-29168 CVE-2026-29169
                 CVE-2026-33006 CVE-2026-33007 CVE-2026-33523 CVE-2026-33857
                 CVE-2026-34032 CVE-2026-34059
Debian Bug     : 1135737

Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in remote code execution, privilege escalation, denial
of service or information disclosure.

An erratum was issued because DLA‑4571‑1 incorrectly marked 
CVE‑2026‑28780
and CVE‑2026‑29168 as not fixed.

These two vulnerabilities are in fact addressed in version 2.4.67‑1~deb11u1,
which includes the required security fixes.

Additionally, CVE‑2026‑23918 was marked as not affecting Bullseye, as the
vulnerable code is not present in any previously released Bullseye packages.
However, the updated package includes the fix for this issue as well,
even though it does not impact this release.

For Debian 11 bullseye, these problems have been fixed in version
2.4.67-1~deb11u1.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apache2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmoGDOsACgkQADoaLapB
CF+J8A/+ILrCXU8dG0fuX9nsoWv8gSZ57sJuqItYc7+VLnrMApsLQz4fZ+lcFyOc
yKobiVJA1+PRVNsf8HeS7aYBc+QbFPmjqYxCRjqkbkgRyHiZH6RBoh/GeAUdiMFD
b/M+BK3ZIxxAMy/DJ+vA/Rd+molcEODm+QGLvJw+wpSa/QDxL4VIZBdpwni7OJY0
EKDwE+E7+jpkGkb0iTrN5hP0BrMJ9BQuUOWbi0qxthshlkYOwdXGC7eAsMYWzC0x
ghbHmGDAYFHixOptHX7bSQQQrS9fUCIzRoRPI3q4zqfrZ2xQHe/3upPVYZ+DrGzL
r7KxHEPM+bjfCld9CbOmT6kmkC4OYPzfR8zsH0ZDPP4joo61K6sbUpZ6Jnvt/Xaf
W/0UOiwKPTzXpU4+XHJr3DdxJiO/ABegEXmKGisTsfOWqYTGEtzgyOKFrdtRw1un
wbL4zAmdFlDYxOrRSnniGl8DypM3L+cx89m9QnJerDcQTox8suSIDHpa8qhh1iNr
Zm1FWNmHU/2FQkhmBtj28fPMo+tBJunDez5oCJaaKzqCQxA2eW2it4d3H0RHmN+3
AA40JWp4W7JlB0STwiYY/SBTmd7x1WF5a0PQzHY9nNISSJSqRLjxjq2dEnq8qLV9
nFHGJYYVCclB//x+Ub+/w1iKYwaCxH+jzwK4DyT1J883PnrvtEw=
=oVop
-----END PGP SIGNATURE-----

Reply via email to