This update for apache2 fixes several issues. These security issues were fixed: - CVE-2017-9789: When under stress the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour . - CVE-2017-7659: A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process . These non-security issues were fixed: - Use the full path to a2enmod and a2dismod in the apache-22-24-upgrade script - Fall back to "localhost" as hostname in gensslcert