-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6323-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : apache2 CVE ID : CVE-2026-49975 Debian Bug : 1138750 It was discovered that incorrect cookie header accounting in the HTTP/2 implementation of the Apache HTTP server may result in denial of service (excessive resources consumption). For the oldstable distribution (bookworm), this problem has been fixed in version 2.4.67-1~deb12u3. For the stable distribution (trixie), this problem has been fixed in version 2.4.67-1~deb13u3. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmokLS1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SF5A//VBFPcEMnrpvy7FSVjc04kiX0vOY6ce5TwphKERhb48EJGqJUg5tjSXrH +jMmwei9F6MuDNxWb2pF/d1tdUB+WBQSt29mX9k565ytSnR9lB4gf0m2cxIhv9K+ +XirQ6bF7dSwWPxmeU+DkBWx4fh/TrWBWNITsiRod3xUmG8uf6xLQIlrwW9ligO5 LisBLoiUDrbis6XsGXP0eQJpp+y2I29+h2wwn49SaeFKP05GifFvglRjiawye6s0 VJJnXt/uR78Sdhkk9J6SPWog5hVyYbIvAFMuuStZ5JLVZ+9cFpNBKoOKz2E5HYAH sgo0an6+69ifzRo+OivObbz3SaaNLzKx3zhwLdMqEa5ygjX7Iu8B74PcA7yQdm+r Ljk+MX17iRCOl3nT51poMgG1XO+jpmeJe0s57sOr53EDPKQvvPflhuwK+ZJtlfmI rfQCmAWDW19gneZoppYon289FmA7Xt9c4NtLtDFy70Q6IesRtrDQQum2eNijeFGR p6BGfRPjHpm8XpAX9zQGVl/DxLJmtpNqTtNLsCOmGyJyPIjNO7DO4ODDJF1RyTzR lIwmVaL9cWOaS/3iB1EWSA9g6+pNSL2bxX05194fdWG5pwZiGVD07gZ/b40F0evt TGG8P6HrEyKPNqyW2xqfvpIdIWljPZtS8gFeJLlhsXLDbO2czTw= =BDfW -----END PGP SIGNATURE-----

