StackPatch is liveSee product

Back to CVE digest
Ubuntu USN · USN-8239-1

Apache HTTP Server vulnerabilities

Published: Wed, 06 May 2026 19:55

CVE-2026-28780CVE-2026-33523CVE-2026-33857CVE-2026-34032CVE-2026-23918CVE-2026-24072CVE-2026-29169CVE-2026-29168CVE-2026-33006CVE-2026-33007CVE-2026-34059

Summary

Several security issues were fixed in Apache HTTP Server.

Details

Bartlomiej Dmitruk and Stanislaw Strzalkowski discovered that Apache HTTP Server incorrectly handled certain memory operations when using the HTTP/2 protocol. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-23918) It was discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain privileges. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2026-24072) Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly handled certain AJP server messages. An attacker in control of a backend AJP server could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-28780) Pavel Kohout discovered that Apache HTTP Server did not properly limit resource allocation in mod_md when processing OCSP response data. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2026-29168) Pavel Kohout discovered that the Apache HTTP Server incorrectly handled certain memory operations in mod_dav_lock. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-29169) Nitescu Lucian discovered that Apache HTTP Server had a timing attack vulnerability in mod_auth_digest. A remote attacker could possibly use this issue to bypass Digest authentication. (CVE-2026-33006) Pavel Kohout and Arkadi Vainbrand discovered that Apache HTTP Server incorrectly handled certain memory operations in mod_authn_socache. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-33007) Haruki Oyama, Merih Mengisteab, and Dawit Jeong discovered that Apache HTTP Server had an HTTP response splitting vulnerability in multiple modules when used with untrusted or compromised backend servers. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2026-33523) Elhanan Haenel discovered that Apache HTTP Server incorrectly handled certain memory operations in mod_proxy_ajp. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-33857) Tianshuo Han and Jérôme Djouder discovered that Apache HTTP Server incorrectly handled certain string operations in mod_proxy_ajp. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-34032) Elhanan Haenel discovered that Apache HTTP Server incorrectly handled certain memory operations in mod_proxy_ajp. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2026-34059)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu jammy

  • apache22.4.52-1ubuntu4.20apt_upgrade

    Standard apt upgrade. Install 2.4.52-1ubuntu4.20 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache22.4.52-1ubuntu4.20apt_upgrade

    Standard apt upgrade. Install 2.4.52-1ubuntu4.20 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-bin2.4.52-1ubuntu4.20apt_upgrade

    Standard apt upgrade. Install 2.4.52-1ubuntu4.20 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-bin

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-data2.4.52-1ubuntu4.20apt_upgrade

    Standard apt upgrade. Install 2.4.52-1ubuntu4.20 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-data

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-dev2.4.52-1ubuntu4.20apt_upgrade

    Standard apt upgrade. Install 2.4.52-1ubuntu4.20 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-doc2.4.52-1ubuntu4.20apt_upgrade

    Standard apt upgrade. Install 2.4.52-1ubuntu4.20 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-doc

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-ssl-dev2.4.52-1ubuntu4.20apt_upgrade

    Standard apt upgrade. Install 2.4.52-1ubuntu4.20 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-ssl-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-suexec-custom2.4.52-1ubuntu4.20apt_upgrade

    Standard apt upgrade. Install 2.4.52-1ubuntu4.20 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-suexec-custom

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-suexec-pristine2.4.52-1ubuntu4.20apt_upgrade

    Standard apt upgrade. Install 2.4.52-1ubuntu4.20 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-suexec-pristine

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-utils2.4.52-1ubuntu4.20apt_upgrade

    Standard apt upgrade. Install 2.4.52-1ubuntu4.20 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-utils

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libapache2-mod-md2.4.52-1ubuntu4.20apt_upgrade

    Standard apt upgrade. Install 2.4.52-1ubuntu4.20 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libapache2-mod-md

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libapache2-mod-proxy-uwsgi2.4.52-1ubuntu4.20apt_upgrade

    Standard apt upgrade. Install 2.4.52-1ubuntu4.20 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libapache2-mod-proxy-uwsgi

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu noble

  • apache22.4.58-1ubuntu8.12apt_upgrade

    Standard apt upgrade. Install 2.4.58-1ubuntu8.12 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache22.4.58-1ubuntu8.12apt_upgrade

    Standard apt upgrade. Install 2.4.58-1ubuntu8.12 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-bin2.4.58-1ubuntu8.12apt_upgrade

    Standard apt upgrade. Install 2.4.58-1ubuntu8.12 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-bin

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-data2.4.58-1ubuntu8.12apt_upgrade

    Standard apt upgrade. Install 2.4.58-1ubuntu8.12 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-data

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-dev2.4.58-1ubuntu8.12apt_upgrade

    Standard apt upgrade. Install 2.4.58-1ubuntu8.12 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-doc2.4.58-1ubuntu8.12apt_upgrade

    Standard apt upgrade. Install 2.4.58-1ubuntu8.12 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-doc

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-ssl-dev2.4.58-1ubuntu8.12apt_upgrade

    Standard apt upgrade. Install 2.4.58-1ubuntu8.12 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-ssl-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-suexec-custom2.4.58-1ubuntu8.12apt_upgrade

    Standard apt upgrade. Install 2.4.58-1ubuntu8.12 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-suexec-custom

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-suexec-pristine2.4.58-1ubuntu8.12apt_upgrade

    Standard apt upgrade. Install 2.4.58-1ubuntu8.12 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-suexec-pristine

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-utils2.4.58-1ubuntu8.12apt_upgrade

    Standard apt upgrade. Install 2.4.58-1ubuntu8.12 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-utils

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libapache2-mod-md2.4.58-1ubuntu8.12apt_upgrade

    Standard apt upgrade. Install 2.4.58-1ubuntu8.12 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libapache2-mod-md

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libapache2-mod-proxy-uwsgi2.4.58-1ubuntu8.12apt_upgrade

    Standard apt upgrade. Install 2.4.58-1ubuntu8.12 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libapache2-mod-proxy-uwsgi

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu questing

  • apache22.4.64-1ubuntu3.4apt_upgrade

    Standard apt upgrade. Install 2.4.64-1ubuntu3.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache22.4.64-1ubuntu3.4apt_upgrade

    Standard apt upgrade. Install 2.4.64-1ubuntu3.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-bin2.4.64-1ubuntu3.4apt_upgrade

    Standard apt upgrade. Install 2.4.64-1ubuntu3.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-bin

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-data2.4.64-1ubuntu3.4apt_upgrade

    Standard apt upgrade. Install 2.4.64-1ubuntu3.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-data

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-dev2.4.64-1ubuntu3.4apt_upgrade

    Standard apt upgrade. Install 2.4.64-1ubuntu3.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-doc2.4.64-1ubuntu3.4apt_upgrade

    Standard apt upgrade. Install 2.4.64-1ubuntu3.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-doc

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-ssl-dev2.4.64-1ubuntu3.4apt_upgrade

    Standard apt upgrade. Install 2.4.64-1ubuntu3.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-ssl-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-suexec-custom2.4.64-1ubuntu3.4apt_upgrade

    Standard apt upgrade. Install 2.4.64-1ubuntu3.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-suexec-custom

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-suexec-pristine2.4.64-1ubuntu3.4apt_upgrade

    Standard apt upgrade. Install 2.4.64-1ubuntu3.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-suexec-pristine

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-utils2.4.64-1ubuntu3.4apt_upgrade

    Standard apt upgrade. Install 2.4.64-1ubuntu3.4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-utils

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu resolute

  • apache22.4.66-2ubuntu2.1apt_upgrade

    Standard apt upgrade. Install 2.4.66-2ubuntu2.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache22.4.66-2ubuntu2.1apt_upgrade

    Standard apt upgrade. Install 2.4.66-2ubuntu2.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-bin2.4.66-2ubuntu2.1apt_upgrade

    Standard apt upgrade. Install 2.4.66-2ubuntu2.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-bin

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-data2.4.66-2ubuntu2.1apt_upgrade

    Standard apt upgrade. Install 2.4.66-2ubuntu2.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-data

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-dev2.4.66-2ubuntu2.1apt_upgrade

    Standard apt upgrade. Install 2.4.66-2ubuntu2.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-doc2.4.66-2ubuntu2.1apt_upgrade

    Standard apt upgrade. Install 2.4.66-2ubuntu2.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-doc

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-ssl-dev2.4.66-2ubuntu2.1apt_upgrade

    Standard apt upgrade. Install 2.4.66-2ubuntu2.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-ssl-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-suexec-custom2.4.66-2ubuntu2.1apt_upgrade

    Standard apt upgrade. Install 2.4.66-2ubuntu2.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-suexec-custom

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-suexec-pristine2.4.66-2ubuntu2.1apt_upgrade

    Standard apt upgrade. Install 2.4.66-2ubuntu2.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-suexec-pristine

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • apache2-utils2.4.66-2ubuntu2.1apt_upgrade

    Standard apt upgrade. Install 2.4.66-2ubuntu2.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y apache2-utils

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8239-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8239-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan Read the bash source first
Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.

Buy lifetime →See StackPatch →Live audit log →