apache2 2.4.48-3.1ubuntu2 source package in Ubuntu
Changelog
apache2 (2.4.48-3.1ubuntu2) impish; urgency=medium
* SECURITY UPDATE: request splitting over HTTP/2
- debian/patches/CVE-2021-33193.patch: refactor request parsing in
include/ap_mmn.h, include/http_core.h, include/http_protocol.h,
include/http_vhost.h, modules/http2/h2_request.c, server/core.c,
server/core_filters.c, server/protocol.c, server/vhost.c.
- CVE-2021-33193
* SECURITY UPDATE: NULL deref via malformed requests
- debian/patches/CVE-2021-34798.patch: add NULL check in
server/scoreboard.c.
- CVE-2021-34798
* SECURITY UPDATE: DoS in mod_proxy_uwsgi
- debian/patches/CVE-2021-36160.patch: fix PATH_INFO setting for
generic worker in modules/proxy/mod_proxy_uwsgi.c.
- CVE-2021-36160
* SECURITY UPDATE: buffer overflow in ap_escape_quotes
- debian/patches/CVE-2021-39275.patch: fix ap_escape_quotes
substitution logic in server/util.c.
- CVE-2021-39275
* SECURITY UPDATE: arbitrary origin server via crafted request uri-path
- debian/patches/CVE-2021-40438-pre1.patch: faster unix socket path
parsing in the "proxy:" URL in modules/proxy/mod_proxy.c,
modules/proxy/proxy_util.c.
- debian/patches/CVE-2021-40438.patch: add sanity checks on the
configured UDS path in modules/proxy/proxy_util.c.
- CVE-2021-40438
-- Marc Deslauriers <email address hidden> Thu, 23 Sep 2021 12:51:16 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Impish
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache2_2.4.48.orig.tar.gz | 9.0 MiB | 315c0bc50206b866fb17c2cdc28c1973765a8d59ca168b80286e8cb077d0510e |
| apache2_2.4.48-3.1ubuntu2.debian.tar.xz | 890.4 KiB | 4ca627dc65d4083c42fd50482b8c50d5c1bde3f230ebed08063cad01f63e11ce |
| apache2_2.4.48-3.1ubuntu2.dsc | 3.3 KiB | 36d47888b82ab019bf3e8fad52edad62739834eadf565f6e38302431c98d3db3 |
Available diffs
Binary packages built by this source
- apache2: No summary available for apache2 in ubuntu impish.
No description available for apache2 in ubuntu impish.
- apache2-bin: No summary available for apache2-bin in ubuntu impish.
No description available for apache2-bin in ubuntu impish.
- apache2-bin-dbgsym: No summary available for apache2-bin-dbgsym in ubuntu impish.
No description available for apache2-bin-dbgsym in ubuntu impish.
- apache2-data: No summary available for apache2-data in ubuntu impish.
No description available for apache2-data in ubuntu impish.
- apache2-dev: No summary available for apache2-dev in ubuntu impish.
No description available for apache2-dev in ubuntu impish.
- apache2-doc: No summary available for apache2-doc in ubuntu impish.
No description available for apache2-doc in ubuntu impish.
- apache2-ssl-dev: No summary available for apache2-ssl-dev in ubuntu impish.
No description available for apache2-ssl-dev in ubuntu impish.
- apache2-suexec-custom: No summary available for apache2-suexec-custom in ubuntu impish.
No description available for apache2-
suexec- custom in ubuntu impish.
- apache2-suexec-custom-dbgsym: No summary available for apache2-suexec-custom-dbgsym in ubuntu impish.
No description available for apache2-
suexec- custom- dbgsym in ubuntu impish.
- apache2-suexec-pristine: No summary available for apache2-suexec-pristine in ubuntu impish.
No description available for apache2-
suexec- pristine in ubuntu impish.
- apache2-suexec-pristine-dbgsym: No summary available for apache2-suexec-pristine-dbgsym in ubuntu impish.
No description available for apache2-
suexec- pristine- dbgsym in ubuntu impish.
- apache2-utils: No summary available for apache2-utils in ubuntu impish.
No description available for apache2-utils in ubuntu impish.
- apache2-utils-dbgsym: No summary available for apache2-utils-dbgsym in ubuntu impish.
No description available for apache2-
utils-dbgsym in ubuntu impish.
- libapache2-mod-md: No summary available for libapache2-mod-md in ubuntu impish.
No description available for libapache2-mod-md in ubuntu impish.
- libapache2-mod-proxy-uwsgi: No summary available for libapache2-mod-proxy-uwsgi in ubuntu impish.
No description available for libapache2-
mod-proxy- uwsgi in ubuntu impish.
