apache2 2.4.48-3.1ubuntu3.3 source package in Ubuntu
Changelog
apache2 (2.4.48-3.1ubuntu3.3) impish-security; urgency=medium
* SECURITY UPDATE: OOB read in mod_lua via crafted request body
- debian/patches/CVE-2022-22719.patch: error out if lua_read_body() or
lua_write_body() fail in modules/lua/lua_request.c.
- CVE-2022-22719
* SECURITY UPDATE: HTTP Request Smuggling via error discarding the
request body
- debian/patches/CVE-2022-22720.patch: simpler connection close logic
if discarding the request body fails in modules/http/http_filters.c,
server/protocol.c.
- CVE-2022-22720
* SECURITY UPDATE: overflow via large LimitXMLRequestBody
- debian/patches/CVE-2022-22721.patch: make sure and check that
LimitXMLRequestBody fits in system memory in server/core.c,
server/util.c, server/util_xml.c.
- CVE-2022-22721
* SECURITY UPDATE: out-of-bounds write in mod_sed
- debian/patches/CVE-2022-23943-1.patch: use size_t to allow for larger
buffer sizes and unsigned arithmetics in modules/filters/libsed.h,
modules/filters/mod_sed.c, modules/filters/sed1.c.
- debian/patches/CVE-2022-23943-2.patch: improve the logic flow in
modules/filters/mod_sed.c.
- CVE-2022-23943
-- Marc Deslauriers <email address hidden> Wed, 16 Mar 2022 12:46:16 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Impish
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- httpd
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache2_2.4.48.orig.tar.gz | 9.0 MiB | 315c0bc50206b866fb17c2cdc28c1973765a8d59ca168b80286e8cb077d0510e |
| apache2_2.4.48-3.1ubuntu3.3.debian.tar.xz | 899.3 KiB | f1a368fad5593e09e3ce624f1e4f6575a3493ccce360c0cb8fdbdd803b5b8e7f |
| apache2_2.4.48-3.1ubuntu3.3.dsc | 3.3 KiB | 51515324c819a335aab7a9078e66a59315a5040e61de53eaa9e1286cb9de3067 |
Available diffs
Binary packages built by this source
- apache2: No summary available for apache2 in ubuntu impish.
No description available for apache2 in ubuntu impish.
- apache2-bin: No summary available for apache2-bin in ubuntu impish.
No description available for apache2-bin in ubuntu impish.
- apache2-bin-dbgsym: No summary available for apache2-bin-dbgsym in ubuntu impish.
No description available for apache2-bin-dbgsym in ubuntu impish.
- apache2-data: No summary available for apache2-data in ubuntu impish.
No description available for apache2-data in ubuntu impish.
- apache2-dev: No summary available for apache2-dev in ubuntu impish.
No description available for apache2-dev in ubuntu impish.
- apache2-doc: No summary available for apache2-doc in ubuntu impish.
No description available for apache2-doc in ubuntu impish.
- apache2-ssl-dev: No summary available for apache2-ssl-dev in ubuntu impish.
No description available for apache2-ssl-dev in ubuntu impish.
- apache2-suexec-custom: No summary available for apache2-suexec-custom in ubuntu impish.
No description available for apache2-
suexec- custom in ubuntu impish.
- apache2-suexec-custom-dbgsym: No summary available for apache2-suexec-custom-dbgsym in ubuntu impish.
No description available for apache2-
suexec- custom- dbgsym in ubuntu impish.
- apache2-suexec-pristine: No summary available for apache2-suexec-pristine in ubuntu impish.
No description available for apache2-
suexec- pristine in ubuntu impish.
- apache2-suexec-pristine-dbgsym: No summary available for apache2-suexec-pristine-dbgsym in ubuntu impish.
No description available for apache2-
suexec- pristine- dbgsym in ubuntu impish.
- apache2-utils: No summary available for apache2-utils in ubuntu impish.
No description available for apache2-utils in ubuntu impish.
- apache2-utils-dbgsym: No summary available for apache2-utils-dbgsym in ubuntu impish.
No description available for apache2-
utils-dbgsym in ubuntu impish.
- libapache2-mod-md: No summary available for libapache2-mod-md in ubuntu impish.
No description available for libapache2-mod-md in ubuntu impish.
- libapache2-mod-proxy-uwsgi: No summary available for libapache2-mod-proxy-uwsgi in ubuntu impish.
No description available for libapache2-
mod-proxy- uwsgi in ubuntu impish.
