Format: 1.8 Date: Thu, 17 Jun 2021 13:09:41 -0400 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: armhf Version: 2.4.46-4ubuntu1.1 Distribution: hirsute Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.46-4ubuntu1.1) hirsute-security; urgency=medium . * SECURITY UPDATE: mod_proxy_http denial of service. - debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy connection in modules/proxy/mod_proxy_http.c. - CVE-2020-13950 * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's base64 to fail early if the format can't match anyway in modules/aaa/mod_auth_digest.c. - CVE-2020-35452 * SECURITY UPDATE: DoS via cookie header in mod_session - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in session_identity_decode() in modules/session/mod_session.c. - CVE-2021-26690 * SECURITY UPDATE: heap overflow via SessionHeader - debian/patches/CVE-2021-26691.patch: account for the '&' in identity_concat() in modules/session/mod_session.c. - CVE-2021-26691 * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF' - debian/patches/CVE-2021-30641.patch: change default behavior in server/request.c. - CVE-2021-30641 Checksums-Sha1: b8029d55695a378910cb3bee55ab4e32bf006540 3136660 apache2-bin-dbgsym_2.4.46-4ubuntu1.1_armhf.ddeb 655708880813f75fd62c13f14ff9466494601d60 1041724 apache2-bin_2.4.46-4ubuntu1.1_armhf.deb 0581f9977ae82586e21049e62b4453ea62da10b7 179448 apache2-dev_2.4.46-4ubuntu1.1_armhf.deb e5ab2f0dfed55c3af0b6fd17785fd013fcc6bcae 3164 apache2-ssl-dev_2.4.46-4ubuntu1.1_armhf.deb fb85ac87aaffe261a63cd9082f951e8320bc81d6 12160 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.1_armhf.ddeb 8d5ad0db7a57a62db4497953bf8def861081ef66 14628 apache2-suexec-custom_2.4.46-4ubuntu1.1_armhf.deb ccead32c10111d0a86b0256cc070bec361d9f1fd 10888 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.1_armhf.ddeb 36c175568a8d766eddc0d9afb6ba28362a357867 13248 apache2-suexec-pristine_2.4.46-4ubuntu1.1_armhf.deb 9984a802deba4fd8a398bbf26c5b6c8a31e0c1f3 117252 apache2-utils-dbgsym_2.4.46-4ubuntu1.1_armhf.ddeb 0db32bcf89c3ccf7762e46cc1eb63ad1d5c965cb 83424 apache2-utils_2.4.46-4ubuntu1.1_armhf.deb 424a1d656af8b2523a94591ae59dcae222558d7d 11904 apache2_2.4.46-4ubuntu1.1_armhf.buildinfo 2c30bc76a15b9966934f283e7f505db74edf9622 95860 apache2_2.4.46-4ubuntu1.1_armhf.deb 3d1cc481fef7b44aedc11a1c1e75e670b950d347 1000 libapache2-mod-md_2.4.46-4ubuntu1.1_armhf.deb 8b00316bbbc8c4969d8176d975a5f0447dd178a2 1172 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.1_armhf.deb Checksums-Sha256: 9e24b914f0f5ac998b551988963662e016820274a0aa4239b35879d9dc574f4b 3136660 apache2-bin-dbgsym_2.4.46-4ubuntu1.1_armhf.ddeb 31836a1ad15689b4dd6fb2235fb23d223e65dab7889751bc23139dc5f4ae1a7f 1041724 apache2-bin_2.4.46-4ubuntu1.1_armhf.deb 13036773ed4446da8002e789ab2feb4bf121fa3d558d4eb12a5b9241c7ccf1df 179448 apache2-dev_2.4.46-4ubuntu1.1_armhf.deb 33cb8ac813a4cb2556c64dc8281d48e4fbae4173b1af6a482001114d08ddb924 3164 apache2-ssl-dev_2.4.46-4ubuntu1.1_armhf.deb 63c52fbc4aa1173bfd82265a548ddabd544f5a08cb2d5f6d4fb571b35f42119f 12160 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.1_armhf.ddeb 9710f14a57590ff3fe02dd9c41049e2c2daa3b67d6fb812c1cb77d385ef07a6f 14628 apache2-suexec-custom_2.4.46-4ubuntu1.1_armhf.deb e93236b31bb9816ef426a89f1397618ed597bf5314c0603a4134af8f3d38a2a9 10888 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.1_armhf.ddeb 84452eb524cf13ff57952888e6235591f072fad6822fd8857c482165f66a6c13 13248 apache2-suexec-pristine_2.4.46-4ubuntu1.1_armhf.deb 6af11dcd813261be8100e38b5d77416f50de0c86563bcbd2756681244e57adc8 117252 apache2-utils-dbgsym_2.4.46-4ubuntu1.1_armhf.ddeb 840b8f20f0ed3e50b81736c5bf6fb2a0872979b5aaefe41fc3db87bab718a184 83424 apache2-utils_2.4.46-4ubuntu1.1_armhf.deb 33c8a6685da52c8106366427408a72a82287f68bd06b44b46319ed44df989782 11904 apache2_2.4.46-4ubuntu1.1_armhf.buildinfo deeb0c217a2f7e1f55f24ca4b6db6d82aaaed00dad98f28c7d233942a5da374e 95860 apache2_2.4.46-4ubuntu1.1_armhf.deb 2882099c2ebc5ea8c4ec2f4a3580b6d12630eac57d0749d3ce9fe68dd9e1f589 1000 libapache2-mod-md_2.4.46-4ubuntu1.1_armhf.deb 66bbb0392b4c3881770db5a86bf07d4dffd115be45631b36340f5fe8779574ca 1172 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.1_armhf.deb Files: 7faab91df0a70aa40f5bf68ab26ca9ff 3136660 debug optional apache2-bin-dbgsym_2.4.46-4ubuntu1.1_armhf.ddeb 81eceb98da4534fefc1f19410d7b521f 1041724 httpd optional apache2-bin_2.4.46-4ubuntu1.1_armhf.deb 4fc9d6cb7809678c75ac4a88d3dd00bf 179448 httpd optional apache2-dev_2.4.46-4ubuntu1.1_armhf.deb 8d6b467ae55d3f3fd28420b7099208ab 3164 httpd optional apache2-ssl-dev_2.4.46-4ubuntu1.1_armhf.deb 2a9693edb755970ad424fd8fec138328 12160 debug optional apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.1_armhf.ddeb bdb3aa31c71fd37c936ccedcdfd3b17f 14628 httpd optional apache2-suexec-custom_2.4.46-4ubuntu1.1_armhf.deb eb5a5b1a31446ad4195f7e015ee7852a 10888 debug optional apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.1_armhf.ddeb 3d2485a8a7584fa384803fdbfa841162 13248 httpd optional apache2-suexec-pristine_2.4.46-4ubuntu1.1_armhf.deb a3aac7d8ab158717c5a783f48772e4e4 117252 debug optional apache2-utils-dbgsym_2.4.46-4ubuntu1.1_armhf.ddeb c1b55b4e5fc82f32be75246b76d5c1d2 83424 httpd optional apache2-utils_2.4.46-4ubuntu1.1_armhf.deb c29f48024e5e7ed7c7fcaff1db4434f2 11904 httpd optional apache2_2.4.46-4ubuntu1.1_armhf.buildinfo a7a468f59c55fecbfd8344d40bf8f3b9 95860 httpd optional apache2_2.4.46-4ubuntu1.1_armhf.deb 1a84f7b2732f5909f413b22684d15a8b 1000 oldlibs optional libapache2-mod-md_2.4.46-4ubuntu1.1_armhf.deb d25df457660b0581929a2f8156141eb0 1172 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.1_armhf.deb Original-Maintainer: Debian Apache Maintainers