apache2 2.4.38-2ubuntu2.2 source package in Ubuntu

Changelog

apache2 (2.4.38-2ubuntu2.2) disco-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 internal data buffering denial of service.
    - d/p/mod_http2-1.15.4-backport-0004-CVE-2019-9517.patch: improve
      http/2 module keepalive throttling.
    - CVE-2019-9517
  * SECURITY UPDATE: Upgrade request from http/1.1 to http/2 crash
    denial of service (LP: #1840188)
    - d/p/mod_http2-1.14.1-backport-0001-Merge-r1852038-r1852101-from-trunk-CVE-2019-0197.patch:
      re-use slave connections and fix slave connection keepalives
      counter.
    - CVE-2019-0197
  * SECURITY UPDATE: mod_http2 memory corruption on early pushes
    - included in mod_http2 1.15.4 backport
    - CVE-2019-10081
  * SECURITY UPDATE: read-after-free in mod_http2 h2 connection
    shutdown.
    - included in mod_http2 1.15.4 backport
    - CVE-2019-10082
  * SECURITY UPDATE: mod_remoteip: Stack buffer overflow and NULL
    pointer dereference.
    - d/p/CVE-2019-10097.patch: add better sanity checks.
    - CVE-2019-10097
  * SECURITY UPDATE: Limited cross-site scripting in mod_proxy
    error page.
    - d/p/CVE-2019-10092-1.patch: Remove request details from built-in
      error documents.
    - d/p/CVE-2019-10092-2.patch: Add missing log numbers.
    - d/p/CVE-2019-10092-3.patch: mod_proxy: Improve XSRF/XSS
      protection.
    - CVE-2019-10092-1
  * SECURITY UPDATE: mod_rewrite potential open redirect
    - d/p/CVE-2019-10098.patch: Set PCRE_DOTALL by default.
    - CVE-2019-10098
  * Backport mod_http2 v1.14.1 and v1.15.4 for CVE-2019-9517,
    CVE-2019-10081, and CVE-2019-10082 fixes:
    - add d/p/mod_http2-1.14.1-backport-*.patches and
      d/p/mod_http2-1.15.4-backport-*.patches

 -- Steve Beattie <email address hidden>  Mon, 26 Aug 2019 06:31:40 -0700

Upload details

Uploaded by:
Steve Beattie on 2019-08-26
Uploaded to:
Disco
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
httpd
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
apache2_2.4.38.orig.tar.gz 8.8 MiB 38d0b73aa313c28065bf58faf64cec12bf7c7d5196146107df2ad07541aa26a6
apache2_2.4.38-2ubuntu2.2.debian.tar.xz 1.0 MiB 982d9cbdaf27da9bd1ed84abcc483074308d7f55f2591c5a2bd20c438f53c916
apache2_2.4.38-2ubuntu2.2.dsc 3.3 KiB 468e2fa2aeb7967a3b84ab4d5801d1bc5a920009cc6a1e512e85c73a68de9cec

View changes file

Binary packages built by this source

apache2: No summary available for apache2 in ubuntu disco.

No description available for apache2 in ubuntu disco.

apache2-bin: No summary available for apache2-bin in ubuntu disco.

No description available for apache2-bin in ubuntu disco.

apache2-bin-dbgsym: No summary available for apache2-bin-dbgsym in ubuntu disco.

No description available for apache2-bin-dbgsym in ubuntu disco.

apache2-data: No summary available for apache2-data in ubuntu disco.

No description available for apache2-data in ubuntu disco.

apache2-dev: No summary available for apache2-dev in ubuntu disco.

No description available for apache2-dev in ubuntu disco.

apache2-doc: No summary available for apache2-doc in ubuntu disco.

No description available for apache2-doc in ubuntu disco.

apache2-ssl-dev: No summary available for apache2-ssl-dev in ubuntu disco.

No description available for apache2-ssl-dev in ubuntu disco.

apache2-suexec-custom: No summary available for apache2-suexec-custom in ubuntu disco.

No description available for apache2-suexec-custom in ubuntu disco.

apache2-suexec-custom-dbgsym: No summary available for apache2-suexec-custom-dbgsym in ubuntu disco.

No description available for apache2-suexec-custom-dbgsym in ubuntu disco.

apache2-suexec-pristine: No summary available for apache2-suexec-pristine in ubuntu disco.

No description available for apache2-suexec-pristine in ubuntu disco.

apache2-suexec-pristine-dbgsym: No summary available for apache2-suexec-pristine-dbgsym in ubuntu disco.

No description available for apache2-suexec-pristine-dbgsym in ubuntu disco.

apache2-utils: No summary available for apache2-utils in ubuntu disco.

No description available for apache2-utils in ubuntu disco.

apache2-utils-dbgsym: No summary available for apache2-utils-dbgsym in ubuntu disco.

No description available for apache2-utils-dbgsym in ubuntu disco.

libapache2-mod-md: No summary available for libapache2-mod-md in ubuntu disco.

No description available for libapache2-mod-md in ubuntu disco.

libapache2-mod-proxy-uwsgi: No summary available for libapache2-mod-proxy-uwsgi in ubuntu disco.

No description available for libapache2-mod-proxy-uwsgi in ubuntu disco.