USN-7968-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression in mod_md where the MDStapleOthers setting was ignored which resulted in OCSP being broken for some domains. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the Apache HTTP Server incorrectly handled failed ACME certificate renewals. This could result in renewal attempts to be repeated without delays, possibly leading to a denial of service. (CVE-2025-55753)
Anthony Parfenov discovered that the Apache HTTP Server would pass the query string to cmd directives when configured with Server Side Includes (SSI) enabled and mod_cgid. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-58098)
Mattias Åsander discovered that the Apache HTTP Server incorrectly neutralized certain environment variables. This could result in unexpectedly superseding variables calculated by the server for CGI programs. (CVE-2025-65082)
Mattias Åsander discovered that the Apache HTTP Server incorrectly handled AllowOverride FileInfo configurations when using mod_userdir with suexec. An attacker with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. (CVE-2025-66200)
2.4.52-1ubuntu4.192.4.58-1ubuntu8.112.4.64-1ubuntu3.3