From version 2.4.17 (Oct 9, 2015) to version 2.4.38 (Apr 1, 2019), Apache HTTP suffers from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call. The vulnerability is triggered when Apache gracefully restarts (apache2ctl graceful). In standard Linux configurations, the logrotate utility runs this command once a day, at 6:25AM, in order to reset log file handles.

(source: CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation [cfreal.github.io])

in other words, if you are on one of these unix-based apache 2.4 versions (2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17) you want to upgrade to version 2.4.39 asap.
(source: important: Apache HTTP Server privilege escalation from modules' scripts (CVE-2019-0211) [httpd.apache.org])

Apache HTTP Server 2.4.39 Released [apache.org]

as of today, "Apache HTTP Server 2.4.39 (httpd): 2.4.39 is the latest available version"
available here:
https://httpd.apache.org/download.cgi#apache24

The vulnerability is triggered when Apache gracefully restarts

I see what they mean, but it still seems backward. It’s when you don’t restart “gracefully” that things are supposed to go wrong!

If I understand correctly it is a problem for things like shared hosting where you are running untrusted code using mod_php or similar that runs code within the Apache process.