Admin action: Ubuntu published USN-8516-1 for Apache HTTP Server and USN-8517-1 for ClamAV on July 8, 2026. Hosting, VPS, mail, and security-scanning servers should be reviewed for the updated packages.
The Apache notice matters for public web servers because Ubuntu lists multiple Apache CVEs, including issues that can cause denial of service and at least one case where arbitrary code execution is possible in affected configurations. The ClamAV notice matters for mail gateways, upload scanning, and file-scanning workflows because malformed files can crash the scanner or consume excessive resources.
Ubuntu Apache Packages
Ubuntu says the Apache fixes are available for supported Resolute, Noble, and Jammy systems. The fixed package versions listed by Ubuntu are:
- Ubuntu 26.04: apache2 2.4.66-2ubuntu2.4
- Ubuntu 24.04: apache2 2.4.58-1ubuntu8.15
- Ubuntu 22.04: apache2 2.4.52-1ubuntu4.23
The Apache CVEs listed by Ubuntu include CVE-2026-29167, CVE-2026-29170, CVE-2026-34355, CVE-2026-34356, CVE-2026-42535, CVE-2026-42536, CVE-2026-43951, CVE-2026-44119, CVE-2026-44185, CVE-2026-44186, CVE-2026-44631, and CVE-2026-48913.
Ubuntu ClamAV Packages
Ubuntu says the ClamAV fixes are also available for supported Resolute, Noble, and Jammy systems. The fixed package versions listed by Ubuntu are:
- Ubuntu 26.04: clamav 1.5.3+dfsg-0ubuntu0.26.04.1
- Ubuntu 24.04: clamav 1.5.3+dfsg-0ubuntu0.24.04.1
- Ubuntu 22.04: clamav 1.5.3+dfsg-0ubuntu0.22.04.2
The ClamAV CVEs listed by Ubuntu include CVE-2026-20213, CVE-2026-20214, CVE-2026-20215, CVE-2026-20216, CVE-2026-20217, CVE-2026-20243, and CVE-2026-20244.
Backup And Maintenance Checklist
- Confirm which Ubuntu web, mail, upload, and scanning servers have apache2 or clamav installed.
- Take or confirm a current server backup before maintenance on customer-facing systems.
- Apply the vendor package updates through your normal Ubuntu maintenance process.
- Restart or reload affected services according to your maintenance policy.
- Verify public websites, reverse proxies, mail scanning, upload scanning, and monitoring checks after the update.
Hosting Notes
For shared hosting, cPanel-adjacent stacks, mail gateways, or custom Ubuntu web nodes, this is not just a desktop package update. Apache and ClamAV often sit directly in the path of customer traffic, email, attachment scanning, or file intake. Patch deliberately, then confirm the services that customers can feel.


