Format: 1.8 Date: Thu, 17 Jun 2021 14:27:53 -0400 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: arm64 Version: 2.4.41-4ubuntu3.3 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.41-4ubuntu3.3) focal-security; urgency=medium . * SECURITY UPDATE: mod_proxy_http denial of service. - debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy connection in modules/proxy/mod_proxy_http.c. - CVE-2020-13950 * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's base64 to fail early if the format can't match anyway in modules/aaa/mod_auth_digest.c. - CVE-2020-35452 * SECURITY UPDATE: DoS via cookie header in mod_session - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in session_identity_decode() in modules/session/mod_session.c. - CVE-2021-26690 * SECURITY UPDATE: heap overflow via SessionHeader - debian/patches/CVE-2021-26691.patch: account for the '&' in identity_concat() in modules/session/mod_session.c. - CVE-2021-26691 * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF' - debian/patches/CVE-2021-30641.patch: change default behavior in server/request.c. - CVE-2021-30641 * This update does _not_ include the changes from 2.4.41-4ubuntu3.2 in focal-proposed. Checksums-Sha1: 10187f187f9bdefc78e1c356bd7eb9ec1a4663d3 4830604 apache2-bin-dbgsym_2.4.41-4ubuntu3.3_arm64.ddeb 5934a2750398e9777a479a0cc41eaebf48e68e4f 1074680 apache2-bin_2.4.41-4ubuntu3.3_arm64.deb 620d03e31cf1f87debfb9da7b3b64ee315bf6a2f 178996 apache2-dev_2.4.41-4ubuntu3.3_arm64.deb af1214a52110fb5847f9b3aa4cf0ac6056d45116 3152 apache2-ssl-dev_2.4.41-4ubuntu3.3_arm64.deb a4e0aaef109ec7331cdb5eab5b7aa475827e2ab9 12996 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.3_arm64.ddeb 239e088ac10f960547ef60d6be89037607a019f7 15200 apache2-suexec-custom_2.4.41-4ubuntu3.3_arm64.deb 7a7d0d18aa001ae8d2a90c5a629ae98664cb48d4 11848 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.3_arm64.ddeb e84df47682b7316f5fc77186344550be0f5384a1 13724 apache2-suexec-pristine_2.4.41-4ubuntu3.3_arm64.deb 1127ae809104c7c8eeed49490ba0c5583d1df84c 140948 apache2-utils-dbgsym_2.4.41-4ubuntu3.3_arm64.ddeb e2104d7a72083bf9161d832b22645f7aed4ab2a5 81104 apache2-utils_2.4.41-4ubuntu3.3_arm64.deb da9079ef0fe0133121ada13317ef70ff57332f1b 11751 apache2_2.4.41-4ubuntu3.3_arm64.buildinfo 3ec3bd9b7d1ff245d2a22d86a93bad347a53e3b9 95504 apache2_2.4.41-4ubuntu3.3_arm64.deb 23d0553cb67fa2029583a4753c7c05f0f9b79633 988 libapache2-mod-md_2.4.41-4ubuntu3.3_arm64.deb 96145ea8c4003612ec1544465f6fa6e894dbd34e 1180 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.3_arm64.deb Checksums-Sha256: f8ab15bc5a65c5a5aab4d72db3e2456985d2a1e31e7445223493b81a0128182f 4830604 apache2-bin-dbgsym_2.4.41-4ubuntu3.3_arm64.ddeb 31e2a985c86ed584ae993e3cbe7b6bc8711da5d3486ce6c679bb136a265c4e93 1074680 apache2-bin_2.4.41-4ubuntu3.3_arm64.deb e0b77d40a09f01015a1ad8f8138b4342b4825a4614158dee59537dc9b135e123 178996 apache2-dev_2.4.41-4ubuntu3.3_arm64.deb 99faf53221859267c10637a8b4c0bcb9beb6e29a03532489fb37d9502deebc15 3152 apache2-ssl-dev_2.4.41-4ubuntu3.3_arm64.deb f41883cfc6165ea507e0a58bfdff2a4422f36632264f1a16070d786357a9788a 12996 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.3_arm64.ddeb df1b277e9997549c6aaadfad30392b0e0bee08c36d73f9f704aae3d5749e958c 15200 apache2-suexec-custom_2.4.41-4ubuntu3.3_arm64.deb 0978994184cef7caaa6e4cc37a60964ca7270781162aaddc65bb6c81d6047d2a 11848 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.3_arm64.ddeb f7e5fb4b59b7427e204dbeb248ed614c6731c81e337671e00c00b1773335418b 13724 apache2-suexec-pristine_2.4.41-4ubuntu3.3_arm64.deb 16880981cb20a029af89457f9f2c52d179a58da79c6fd8d7e1adb2e0c7c6c3be 140948 apache2-utils-dbgsym_2.4.41-4ubuntu3.3_arm64.ddeb 7ae9087430fb56dfdf299786031f7b3a51338a058d5a4dc521dfa755bf83b037 81104 apache2-utils_2.4.41-4ubuntu3.3_arm64.deb bfcb15895c8da29f85b15a0da1f55df2d531f8e06c17e796940100dc863af044 11751 apache2_2.4.41-4ubuntu3.3_arm64.buildinfo cf634e0ddda91b0b135eace22fccad31837ba46393e1a731ed0f0ba32dba764e 95504 apache2_2.4.41-4ubuntu3.3_arm64.deb 472d1f7b9e835213faf92b7ee72a196b19ea7624a065e1f7e9f0430e8082b7fe 988 libapache2-mod-md_2.4.41-4ubuntu3.3_arm64.deb 0b2ca3bd359daa9aa8e0105055dbd60d9dd543f9b6556829dc8750b8278c6fd2 1180 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.3_arm64.deb Files: fff8a6bc0748ff5c69547980913b5c7d 4830604 debug optional apache2-bin-dbgsym_2.4.41-4ubuntu3.3_arm64.ddeb 1310e3a588380436e33548e1e459e675 1074680 httpd optional apache2-bin_2.4.41-4ubuntu3.3_arm64.deb ce074779b907d1db31e1f7f1df8cb159 178996 httpd optional apache2-dev_2.4.41-4ubuntu3.3_arm64.deb 0b02e57d287d77668892f2f8e1ad92f0 3152 httpd optional apache2-ssl-dev_2.4.41-4ubuntu3.3_arm64.deb 1605f823dd463937956f2cc1815a8692 12996 debug optional apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.3_arm64.ddeb f5ef8d70a2bdd8311c768c49ef8ea3d4 15200 httpd optional apache2-suexec-custom_2.4.41-4ubuntu3.3_arm64.deb 7c2c0c6e797b9cc0f34e6917e2b00953 11848 debug optional apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.3_arm64.ddeb 7225c88922d4fb5f948e4b5b1c00ec77 13724 httpd optional apache2-suexec-pristine_2.4.41-4ubuntu3.3_arm64.deb 4a97b052a0db2523c26b6be87731ce44 140948 debug optional apache2-utils-dbgsym_2.4.41-4ubuntu3.3_arm64.ddeb 8871795cc81f3fe81ebef4beeaf70941 81104 httpd optional apache2-utils_2.4.41-4ubuntu3.3_arm64.deb ece3245133f8e80e05eefbd7a86f4bda 11751 httpd optional apache2_2.4.41-4ubuntu3.3_arm64.buildinfo b90541dcef6ea676f63f8b089b1f8ac1 95504 httpd optional apache2_2.4.41-4ubuntu3.3_arm64.deb 99b41162a2356c9c1ab62126c870243b 988 oldlibs optional libapache2-mod-md_2.4.41-4ubuntu3.3_arm64.deb ef3e32d2aeacabd3641394c028e95499 1180 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.3_arm64.deb Original-Maintainer: Debian Apache Maintainers