Not a user yet?
Log in Register for free Suggest a product
Update

USN-7968-1: Apache HTTP Server vulnerabilities

Ubuntu ServerUbuntu Server
Canonical

USN-7968-1: Apache HTTP Server vulnerabilities
Publication date: 19 January 2026
Overview: Several security issues were fixed in Apache HTTP Server.

Packages
apache2 - Apache HTTP server

Details
It was discovered that the Apache HTTP Server incorrectly handled failed
ACME certificate renewals. This could result in renewal attempts to be
repeated without delays, possibly leading to a denial of service.
(CVE-2025-55753)

Anthony Parfenov discovered that the Apache HTTP Server would pass the
query string to cmd directives when configured with Server Side Includes
(SSI) enabled and mod_cgid. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2025-58098)

Mattias Åsander discovered that the Apache HTTP Server incorrectly
neutralized certain environment variables. This could result in
unexpectedly superseding variables calculated by the server for CGI
programs. (CVE-2025-65082)

Mattias Åsander discovered that the Apache HTTP Server incorrectly
handled AllowOverride FileInfo configurations when using mod_userdir with
suexec. An attacker with access to use the RequestHeader directive in
htaccess can cause some CGI scripts to run under an unexpected userid.
(CVE-2025-66200)

The problem can be corrected by updating your system to the following package versions:

  • 25.10 questing apache2 – 2.4.64-1ubuntu3.2
  • 24.04 LTS noble apache2 – 2.4.58-1ubuntu8.10
  • 22.04 LTS jammy apache2 – 2.4.52-1ubuntu4.18
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad