Are you sure you are in ubuntu 14.04.5? Trusty's latest apache2 is 2.4.7-1ubuntu4.20
I assume you meant xenial, which does have 2.4.18-2ubuntu3.8 in security but has 3.9 in updates.
3.8 has security fixes around "nonce generation":
* SECURITY UPDATE: insecure nonce generation
- debian/patches/CVE-2018-1312.patch: actually use the secret when
generating nonces in modules/aaa/mod_auth_digest.c.
- CVE-2018-1312
Are you sure you are in ubuntu 14.04.5? Trusty's latest apache2 is 2.4.7-1ubuntu4.20
I assume you meant xenial, which does have 2.4.18-2ubuntu3.8 in security but has 3.9 in updates.
3.8 has security fixes around "nonce generation":
* SECURITY UPDATE: insecure nonce generation patches/ CVE-2018- 1312.patch: actually use the secret when aaa/mod_ auth_digest. c.
- debian/
generating nonces in modules/
- CVE-2018-1312