There were some releases after 2.4.41-4ubuntu3.19, but they don't seem
to address this specific regression.

We have:

https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.20
  * SECURITY REGRESSION: regression when proxying http2 (LP: #2072648)
    - debian/patches/CVE-2024-38477-2.patch: restart from the original URL
      on reconnect in modules/http2/mod_proxy_http2.c.

https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.21
  * SECURITY UPDATE: source code disclosure with handlers configured via
    AddType
    - debian/patches/CVE-2024-40725.patch: copy the trusted flag from the
      subrequest in modules/http/http_request.c.
    - CVE-2024-40725

And this one is in focal-proposed:
https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.22
  * d/debhelper/apache2-maintscript-helper: Allow execution when called from a
    postinst script through a trigger (i.e., postinst triggered).
    Thanks to Roel van Meer. (LP: #2038912) (Closes: #1060450)

I checked the code in 2.4.41-4ubuntu3.22 and indeed the patch[1] doesn't seem
to be there. I'll flag this bug here to the security team.
Note I couldn't get access to the svn commit, as it returned a 403[2]. Briefly
checking the GitHub mirror, it seems to be this commit[3].


1. https://bz.apache.org/bugzilla/attachment.cgi?id=39815&action=diff&collapsed=&headers=1&format=raw
2. https://svn.apache.org/viewvc?view=rev&rev=1919545
3. https://github.com/apache/httpd/commit/a0a68b99d131741c1867cff321424892838fc4b3

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-38477

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-40725

** Tags added: regression-security

https://bugs.launchpad.net/bugs/2103723

Title:
  Fix for CVE-2024-38474 also blocks %3f in appended query strings
