Ubuntu
apache2 package

Apache2 later than 2.4.53+ in Ubuntu 20.04

Asked by lbesteban

Apache 2.4.52 and lower contain a high risk CVE

Solution is to upgrade this package, but latest package is 2.4.41

How can this be installed ?

Does it need to download the source and compile or is there any official binary available to upgrade this package ?
Thanks in advance,
Luis

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu apache2 Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
Last query:
Last reply:
Revision history for this message
Best Manfred Hampl (m-hampl) said : 		#1

Which CVE numbers are you talking about?

There is already a new version published in the focal-security and focal-updates repositories (2.4.41-4ubuntu3.14) with patches included that deal with CVE-2023-25690 and CVE-2023-27522, see the change log.

Revision history for this message
lbesteban (lbesteban) said : 		#2

Thanks Manfred Hampl, that solved my question.

Revision history for this message
lbesteban (lbesteban) said : 		#3

Thank you, my bad trusting a page it said a particular issue was solved in a specific release

Will check this one from now on

https://ubuntu.com/security/cves

And indeed it was marked as solved