<![CDATA[DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet.]]>DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet.

Me: Thanks! Are your distro repos updated to contain the patched version?

DO: lol no

[Edit: to be fair, this is Debian's fault, not DOs (see screenshot). At least DO told me!]

[Edit 2: that specific vuln was quietly fixed on Debian specifically well before this version?? Would be advisable for them to have said that now?
https://infosec.exchange/@tychotithonus/116527548611779862 ]

Link Preview Image
]]>https://board.circlewithadot.net/topic/c42ab73c-6f13-4484-83e0-c079ed527776/digitalocean-hey-that-apache-vuln-thing-needs-upgrade-on-your-droplet.RSS for NodeFri, 15 May 2026 09:35:27 GMTWed, 06 May 2026 01:02:25 GMT60<![CDATA[Reply to DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet. on Wed, 06 May 2026 14:46:45 GMT]]>@gnomon it's in the blog post. Eissing shows the timeline

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/tychotithonus/statuses/116528172620746616https://board.circlewithadot.net/post/https://infosec.exchange/users/tychotithonus/statuses/116528172620746616Wed, 06 May 2026 14:46:45 GMT<![CDATA[Reply to DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet. on Wed, 06 May 2026 13:53:49 GMT]]>@tychotithonus do you happen to have a link to the info about Debian's .66 already having a fix for this issue?

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/gnomon/statuses/116527964422881173https://board.circlewithadot.net/post/https://mastodon.social/users/gnomon/statuses/116527964422881173Wed, 06 May 2026 13:53:49 GMT<![CDATA[Reply to DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet. on Wed, 06 May 2026 13:32:03 GMT]]>@tychotithonus either way:

"Unpacking apache2 (2.4.67-1~deb12u1) over (2.4.66-1~deb12u2) ..."

]]>https://board.circlewithadot.net/post/https://social.ridetrans.it/users/Andres4NY/statuses/116527878865607965https://board.circlewithadot.net/post/https://social.ridetrans.it/users/Andres4NY/statuses/116527878865607965Wed, 06 May 2026 13:32:03 GMT<![CDATA[Reply to DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet. on Wed, 06 May 2026 12:27:37 GMT]]>@Andres4NY Parent post updated, apparently CVE-2026-23918 was fixed much earlier?

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/tychotithonus/statuses/116527625503609267https://board.circlewithadot.net/post/https://infosec.exchange/users/tychotithonus/statuses/116527625503609267Wed, 06 May 2026 12:27:37 GMT<![CDATA[Reply to DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet. on Wed, 06 May 2026 07:11:11 GMT]]>@tychotithonus yeah, that thing.

To my knowledge, the debian 2.4.66 packages already contain the fix. Which they could not link to the CVE as that was not available at the time.

"Responsible disclosure" strikes again.

]]>https://board.circlewithadot.net/post/https://chaos.social/users/icing/statuses/116526381249682303https://board.circlewithadot.net/post/https://chaos.social/users/icing/statuses/116526381249682303Wed, 06 May 2026 07:11:11 GMT<![CDATA[Reply to DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet. on Wed, 06 May 2026 03:51:12 GMT]]>@tychotithonus I just love the Debian security tracker, they manage the flood so good https://security-tracker.debian.org/tracker/CVE-2026-23918

]]>https://board.circlewithadot.net/post/https://zusammenkunft.net/users/eckes/statuses/116525594892423811https://board.circlewithadot.net/post/https://zusammenkunft.net/users/eckes/statuses/116525594892423811Wed, 06 May 2026 03:51:12 GMT<![CDATA[Reply to DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet. on Wed, 06 May 2026 01:30:33 GMT]]>@Andres4NY Ah, thanks - I was just going to start asking!

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/tychotithonus/statuses/116525041842115449https://board.circlewithadot.net/post/https://infosec.exchange/users/tychotithonus/statuses/116525041842115449Wed, 06 May 2026 01:30:33 GMT<![CDATA[Reply to DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet. on Wed, 06 May 2026 01:29:39 GMT]]>@tychotithonus (Wasn't my decision, but I'm guessing they're a bit twitchy about .67 since the last "bugfix" apache release had a pretty serious regression: https://tracker.debian.org/news/1725501/accepted-apache2-2466-1deb13u2-source-into-proposed-updates/ )

]]>https://board.circlewithadot.net/post/https://social.ridetrans.it/users/Andres4NY/statuses/116525038290459972https://board.circlewithadot.net/post/https://social.ridetrans.it/users/Andres4NY/statuses/116525038290459972Wed, 06 May 2026 01:29:39 GMT<![CDATA[Reply to DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet. on Wed, 06 May 2026 01:27:04 GMT]]>@tychotithonus make sure you have (old)stable-proposed-updates enabled, it's going in that way rather than through stable-security.

Link Preview Image
Debian Package Tracker

favicon

(tracker.debian.org)

]]>https://board.circlewithadot.net/post/https://social.ridetrans.it/users/Andres4NY/statuses/116525028117717775https://board.circlewithadot.net/post/https://social.ridetrans.it/users/Andres4NY/statuses/116525028117717775Wed, 06 May 2026 01:27:04 GMT<![CDATA[Reply to DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet. on Wed, 06 May 2026 01:04:34 GMT]]>@tychotithonus edge first? Lol

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/noplasticshower/statuses/116524939640245288https://board.circlewithadot.net/post/https://infosec.exchange/users/noplasticshower/statuses/116524939640245288Wed, 06 May 2026 01:04:34 GMT<![CDATA[Reply to DigitalOcean: Hey that Apache vuln thing needs upgrade on your droplet. on Wed, 06 May 2026 01:03:08 GMT]]>@tychotithonus that's fine.

They aren't gonna patch the hypervisors either.

]]>https://board.circlewithadot.net/post/https://weird.autos/users/rootwyrm/statuses/116524934012155781https://board.circlewithadot.net/post/https://weird.autos/users/rootwyrm/statuses/116524934012155781Wed, 06 May 2026 01:03:08 GMT