[ubuntu/jammy-security] apache2 2.4.52-1ubuntu4.18 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jan 19 14:41:54 UTC 2026
apache2 (2.4.52-1ubuntu4.18) jammy-security; urgency=medium
* SECURITY UPDATE: Integer overflow in the case of failed ACME
certificate renewal
- debian/patches/CVE-2025-55753.patch: update mod_md to version
2.6.6 in modules/md/*
- CVE-2025-55753
* SECURITY UPDATE: Server Side Includes adds query string to #exec cmd=
- debian/patches/CVE-2025-58098.patch: don't pass args for SSI request
in modules/generators/mod_cgid.c.
- CVE-2025-58098
* SECURITY UPDATE: CGI environment variable override
- debian/patches/CVE-2025-65082.patch: envvars from HTTP headers low
precedence in server/util_script.c.
- CVE-2025-65082
* SECURITY UPDATE: mod_userdir+suexec bypass via AllowOverride FileInfo
- debian/patches/CVE-2025-66200.patch: don't use request notes for
suexec in modules/mappers/mod_userdir.c,
modules/metadata/mod_headers.c.
- CVE-2025-66200
* SECURITY REGRESSION: Misdirected Request error (LP: #2117112)
- debian/patches/CVE-2025-23048-regression.patch: add SSLVHostSNIPolicy
directive to set the compatibility level required for VirtualHost
matching in modules/ssl/*.
- debian/patches/CVE-2025-23048-regression-2.patch: fix handling of
STRICT mode in modules/ssl/ssl_engine_kernel.c.
Date: 2025-12-09 17:33:11.444432+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.18
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list