apache2 2.4.46-4ubuntu1.1 source package in Ubuntu
Changelog
apache2 (2.4.46-4ubuntu1.1) hirsute-security; urgency=medium
* SECURITY UPDATE: mod_proxy_http denial of service.
- debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy
connection in modules/proxy/mod_proxy_http.c.
- CVE-2020-13950
* SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
- debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
base64 to fail early if the format can't match anyway in
modules/aaa/mod_auth_digest.c.
- CVE-2020-35452
* SECURITY UPDATE: DoS via cookie header in mod_session
- debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
session_identity_decode() in modules/session/mod_session.c.
- CVE-2021-26690
* SECURITY UPDATE: heap overflow via SessionHeader
- debian/patches/CVE-2021-26691.patch: account for the '&' in
identity_concat() in modules/session/mod_session.c.
- CVE-2021-26691
* SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
- debian/patches/CVE-2021-30641.patch: change default behavior in
server/request.c.
- CVE-2021-30641
-- Marc Deslauriers <email address hidden> Thu, 17 Jun 2021 13:09:41 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Hirsute
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- httpd
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache2_2.4.46.orig.tar.gz | 8.9 MiB | 44b759ce932dc090c0e75c0210b4485ebf6983466fb8ca1b446c8168e1a1aec2 |
| apache2_2.4.46-4ubuntu1.1.debian.tar.xz | 878.4 KiB | 77e58ebfeae092afd71b7d543f07f65f16793f77d0c7ae775602ed6b21ad836c |
| apache2_2.4.46-4ubuntu1.1.dsc | 3.3 KiB | 3fa7998b041ad7f48a02c79fd2cf22a360ad0b2975a0bd3c3697107c9a90365b |
Available diffs
Binary packages built by this source
- apache2: No summary available for apache2 in ubuntu hirsute.
No description available for apache2 in ubuntu hirsute.
- apache2-bin: No summary available for apache2-bin in ubuntu hirsute.
No description available for apache2-bin in ubuntu hirsute.
- apache2-bin-dbgsym: No summary available for apache2-bin-dbgsym in ubuntu hirsute.
No description available for apache2-bin-dbgsym in ubuntu hirsute.
- apache2-data: No summary available for apache2-data in ubuntu hirsute.
No description available for apache2-data in ubuntu hirsute.
- apache2-dev: No summary available for apache2-dev in ubuntu hirsute.
No description available for apache2-dev in ubuntu hirsute.
- apache2-doc: No summary available for apache2-doc in ubuntu hirsute.
No description available for apache2-doc in ubuntu hirsute.
- apache2-ssl-dev: No summary available for apache2-ssl-dev in ubuntu hirsute.
No description available for apache2-ssl-dev in ubuntu hirsute.
- apache2-suexec-custom: No summary available for apache2-suexec-custom in ubuntu hirsute.
No description available for apache2-
suexec- custom in ubuntu hirsute.
- apache2-suexec-custom-dbgsym: No summary available for apache2-suexec-custom-dbgsym in ubuntu hirsute.
No description available for apache2-
suexec- custom- dbgsym in ubuntu hirsute.
- apache2-suexec-pristine: No summary available for apache2-suexec-pristine in ubuntu hirsute.
No description available for apache2-
suexec- pristine in ubuntu hirsute.
- apache2-suexec-pristine-dbgsym: No summary available for apache2-suexec-pristine-dbgsym in ubuntu hirsute.
No description available for apache2-
suexec- pristine- dbgsym in ubuntu hirsute.
- apache2-utils: No summary available for apache2-utils in ubuntu hirsute.
No description available for apache2-utils in ubuntu hirsute.
- apache2-utils-dbgsym: No summary available for apache2-utils-dbgsym in ubuntu hirsute.
No description available for apache2-
utils-dbgsym in ubuntu hirsute.
- libapache2-mod-md: No summary available for libapache2-mod-md in ubuntu hirsute.
No description available for libapache2-mod-md in ubuntu hirsute.
- libapache2-mod-proxy-uwsgi: No summary available for libapache2-mod-proxy-uwsgi in ubuntu hirsute.
No description available for libapache2-
mod-proxy- uwsgi in ubuntu hirsute.
