[ubuntu/noble-updates] apache2 2.4.58-1ubuntu8.7 (Accepted)

[Ubuntu Archive Robot]

apache2 (2.4.58-1ubuntu8.7) noble-security; urgency=medium

  * SECURITY UPDATE: HTTP response splitting
    - debian/patches/CVE-2024-42516.patch: fix header merging in
      modules/http/http_filters.c.
    - CVE-2024-42516
  * SECURITY UPDATE: SSRF with mod_headers setting Content-Type header
    - debian/patches/CVE-2024-43204-pre1.patch: avoid ap_set_content_type
      when processing a _Request_Header set|edit|unset Content-Type in
      modules/metadata/mod_headers.c.
    - debian/patches/CVE-2024-43204.patch: use header only in
      modules/metadata/mod_headers.c.
    - CVE-2024-43204
  * SECURITY UPDATE: mod_ssl error log variable escaping
    - debian/patches/CVE-2024-47252.patch: escape ssl vars in
      modules/ssl/ssl_engine_vars.c.
    - CVE-2024-47252
  * SECURITY UPDATE: mod_ssl access control bypass with session resumption
    - debian/patches/CVE-2025-23048.patch: update SNI validation in
      modules/ssl/ssl_engine_kernel.c.
    - CVE-2025-23048
  * SECURITY UPDATE: mod_proxy_http2 denial of service
    - debian/patches/CVE-2025-49630.patch: tolerate missing host header in
      h2 proxy in modules/http2/h2_proxy_session.c.
    - CVE-2025-49630
  * SECURITY UPDATE: mod_ssl TLS upgrade attack
    - debian/patches/CVE-2025-49812.patch: remove antiquated 'SSLEngine
      optional' TLS upgrade in modules/ssl/ssl_engine_config.c,
      modules/ssl/ssl_engine_init.c, modules/ssl/ssl_engine_kernel.c,
      modules/ssl/ssl_private.h.
    - CVE-2025-49812
  * SECURITY UPDATE: 
    - debian/patches/CVE-2025-53020.patch: improve h2 header error handling
      in modules/http2/h2_request.c, modules/http2/h2_request.h,
      modules/http2/h2_session.c, modules/http2/h2_session.h,
      modules/http2/h2_stream.c, modules/http2/h2_util.c,
      modules/http2/h2_util.h,
      test/modules/http2/test_200_header_invalid.py.
    - CVE-2025-53020

Date: 2025-07-14 16:59:13.317624+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.7
-------------- next part --------------
Sorry, changesfile not available.