Packages
- apache2 - Apache HTTP server
Details
It was discovered that the Apache HTTP Server mod_rewrite module
incorrectly handled certain privileges. A local attacker could possibly use
this issue to obtain sensitive information. (CVE-2026-24072)
Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani
discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly
handled certain AJP server messages. An attacker in control of a
backend AJP server could use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2026-28780)
Pavel Kohout discovered that the Apache HTTP Server incorrectly handled
certain memory operations in mod_dav_lock. A remote attacker could possibly
use this issue to cause Apache HTTP Server to crash, resulting in a denial
of service. (
It was discovered that the Apache HTTP Server mod_rewrite module
incorrectly handled certain privileges. A local attacker could possibly use
this issue to obtain sensitive information. (CVE-2026-24072)
Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani
discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly
handled certain AJP server messages. An attacker in control of a
backend AJP server could use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2026-28780)
Pavel Kohout discovered that the Apache HTTP Server incorrectly handled
certain memory operations in mod_dav_lock. A remote attacker could possibly
use this issue to cause Apache HTTP Server to crash, resulting in a denial
of service. (CVE-2026-29169)
Elhanan Haenel discovered that Apache HTTP Server incorrectly handled
certain memory operations in mod_proxy_ajp. A remote attacker could use
this issue to cause Apache HTTP Server to crash, resulting in a denial of
service, or possibly obtain sensitive information. (CVE-2026-34059)
Update instructions
After a standard system update you need to restart apache2 to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 20.04 LTS focal | apache2 – 2.4.41-4ubuntu3.23+esm4 | ||
| apache2-bin – 2.4.41-4ubuntu3.23+esm4 | |||
| apache2-dev – 2.4.41-4ubuntu3.23+esm4 | |||
| apache2-ssl-dev – 2.4.41-4ubuntu3.23+esm4 | |||
| apache2-utils – 2.4.41-4ubuntu3.23+esm4 | |||
| libapache2-mod-md – 2.4.41-4ubuntu3.23+esm4 | |||
| 18.04 LTS bionic | apache2 – 2.4.29-1ubuntu4.27+esm9 | ||
| apache2-bin – 2.4.29-1ubuntu4.27+esm9 | |||
| apache2-dev – 2.4.29-1ubuntu4.27+esm9 | |||
| apache2-ssl-dev – 2.4.29-1ubuntu4.27+esm9 | |||
| apache2-utils – 2.4.29-1ubuntu4.27+esm9 | |||
| 16.04 LTS xenial | apache2 – 2.4.18-2ubuntu3.17+esm18 | ||
| apache2-bin – 2.4.18-2ubuntu3.17+esm18 | |||
| apache2-data – 2.4.18-2ubuntu3.17+esm18 | |||
| apache2-dev – 2.4.18-2ubuntu3.17+esm18 | |||
| apache2-utils – 2.4.18-2ubuntu3.17+esm18 | |||
| 14.04 LTS trusty | apache2 – 2.4.7-1ubuntu4.22+esm13 | ||
| apache2-bin – 2.4.7-1ubuntu4.22+esm13 | |||
| apache2-dev – 2.4.7-1ubuntu4.22+esm13 | |||
| apache2-utils – 2.4.7-1ubuntu4.22+esm13 | |||
| apache2.2-bin – 2.4.7-1ubuntu4.22+esm13 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.