Red Hat Security Advisory 2019-1543-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.
87a60175fe0e0dde7ae7865168e89fd3521aa1306210d2d9c8b32e05f763b1a9
Red Hat Security Advisory 2019-1297-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 2 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. It addresses denial of service and privilege escalation vulnerabilities.
1d3819c3a795696655f8712247c8df410655f69b1a073bb7b1b32d9271562472
Red Hat Security Advisory 2019-1296-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. It serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. It addresses denial of service and privilege escalation vulnerabilities.
5ed148ee5c1aa1a8483ec13ffbf8a1df403d3b3e5e5aa321f31d0c7e9dc09b53
Red Hat Security Advisory 2019-0980-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a bypass vulnerability.
0d471fc4d79ad4660814e40b39efce40484b416271cee12b400763cc07a0892b
Gentoo Linux Security Advisory 201904-20 - A vulnerability in Apache might allow an attacker to escalate privileges. Versions less than 2.4.39 are affected.
2cdba9d32af03109ac1eff106634e51e531f016a5c8f2f4ca8d95ed2ff604c97
Red Hat Security Advisory 2019-0746-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Issues addressed include a bypass vulnerability.
202bd8c08a315a52b0d871b6653eba41c7ffe2586133300b1cfc9f7fb04287e6
Apache versions 2.4.17 up to 2.4.38 apache2ctl graceful logrotate local privilege escalation exploit.
3319265a25f9489c7617752a0f4a299d38530c30caf7932b9bb2b32075e9f1b7
Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
9be71db2b131b2b10709f7b3ee6d53e6af06d87b4d850361ae89afcf06e5a270
Ubuntu Security Notice 3937-1 - Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
c17a43ba53d0845a663b1213936884d7465b45def0d79156050131ef37d78a6d
Apache versions 2.4.17 through 2.4.38 suffer from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call.
9525ffd9aefbc06136c75f55edd33355815fc7df0b0f150a337892cfad9ed4bd
Debian Linux Security Advisory 4422-1 - Several vulnerabilities have been found in the Apache HTTP server.
961d97f7066c2153712981e824caca1ecdd1c8ed3bcf22d5649c1e105a41be19