Format: 1.8 Date: Wed, 05 Jan 2022 09:29:15 -0500 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: s390x Version: 2.4.48-3.1ubuntu3.2 Distribution: impish Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.48-3.1ubuntu3.2) impish-security; urgency=medium . * SECURITY UPDATE: DoS or SSRF via forward proxy - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname in include/http_protocol.h, modules/http/http_request.c, modules/http2/h2_request.c, modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c, server/protocol.c. - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs w/ no hostname in modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c. - CVE-2021-44224 * SECURITY UPDATE: overflow in mod_lua multipart parser - debian/patches/CVE-2021-44790.patch: improve error handling in modules/lua/lua_request.c. - CVE-2021-44790 Checksums-Sha1: 9791a1cf3e1d7124697a71dbe67adad800743234 3499612 apache2-bin-dbgsym_2.4.48-3.1ubuntu3.2_s390x.ddeb 4157d1a667da28bbd9e47ebd97ffb0a3d58fba97 1265508 apache2-bin_2.4.48-3.1ubuntu3.2_s390x.deb cb1334dd7f3513c4eb5930da9a28e2131c707583 187446 apache2-dev_2.4.48-3.1ubuntu3.2_s390x.deb 28527886902190829a5e3f157f711e07569ec2d3 2988 apache2-ssl-dev_2.4.48-3.1ubuntu3.2_s390x.deb 766d4640b86aaaec21b89a655291b9b08124cefe 12960 apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.2_s390x.ddeb 377a35f54140c317790f2dcef94d491c658fc4a6 16406 apache2-suexec-custom_2.4.48-3.1ubuntu3.2_s390x.deb 6d1b3cc43ac0667ea9995c8f9fb5e422d7fc7bfd 11726 apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.2_s390x.ddeb 95c26e4f0c6dc64a2ff028794f132a32362252b6 14858 apache2-suexec-pristine_2.4.48-3.1ubuntu3.2_s390x.deb 2201b3ef9635cf4be35f90254420be369cbabbf6 118586 apache2-utils-dbgsym_2.4.48-3.1ubuntu3.2_s390x.ddeb 6193ef038009c70774d186c53c18dce8210ad9e2 89220 apache2-utils_2.4.48-3.1ubuntu3.2_s390x.deb 30b79723dbfdff25e2566f6726089546be9a92bd 11706 apache2_2.4.48-3.1ubuntu3.2_s390x.buildinfo cef7ae9abf6a8975f452b7c23218adecb86c53ec 97838 apache2_2.4.48-3.1ubuntu3.2_s390x.deb b38c6faddbee113bf697c79d1885faa804b07e55 808 libapache2-mod-md_2.4.48-3.1ubuntu3.2_s390x.deb c52b439af8d87cdabe78a42a1a8612fba5c27420 992 libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.2_s390x.deb Checksums-Sha256: 178010b85f9d31817636a0b8ca568bd1739b14d1594f5473884b969e3d24790c 3499612 apache2-bin-dbgsym_2.4.48-3.1ubuntu3.2_s390x.ddeb 69c326df2eff888eb77bcdf405498089a2775932105179c1677ae8a96b6547ab 1265508 apache2-bin_2.4.48-3.1ubuntu3.2_s390x.deb 3ce654c42046d36e1b0a2bf2c10251cb79bb07c9991de31acfc4638d257ab72e 187446 apache2-dev_2.4.48-3.1ubuntu3.2_s390x.deb 771d756285b670ff2a5a701b4ec5ee27d9e6f741885779fed8dec1eff3acb9d1 2988 apache2-ssl-dev_2.4.48-3.1ubuntu3.2_s390x.deb dbe0d372df9b00c7a50d9a750a939025e13f7782d13de44804b7fb57a16a4277 12960 apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.2_s390x.ddeb e983c6ab4be7b5fd490e75dcd26d79f23e021ff247baaa1d7f1f6ad5bb58b810 16406 apache2-suexec-custom_2.4.48-3.1ubuntu3.2_s390x.deb 15caf16fb59ced0f91b2d501c2e86038b1aec9603c43ce1dc4d926f199520de2 11726 apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.2_s390x.ddeb 98ecaa866d4c8b5da4c63bbdbe91314079d989f35f315e3c197fcab0520bd4e4 14858 apache2-suexec-pristine_2.4.48-3.1ubuntu3.2_s390x.deb be1558f5807139ca1da45b0201785013b87ce20e564f6b8b7547496793e6b28e 118586 apache2-utils-dbgsym_2.4.48-3.1ubuntu3.2_s390x.ddeb ded385f77b3695fb1ca4bf7651d866c40aca244e8a6370e67790e9e3287bce37 89220 apache2-utils_2.4.48-3.1ubuntu3.2_s390x.deb 791e173611d7e124bcf20dfe35e80556291e4a86718c5a8795cbde36ae680e27 11706 apache2_2.4.48-3.1ubuntu3.2_s390x.buildinfo 8806af60e80ea11072fb06d96e442e2a751021a8c59958238ada6cef4056aa00 97838 apache2_2.4.48-3.1ubuntu3.2_s390x.deb e838971c891ca0d3d9d69b8bab7ab5b08ed17da86bcefd2c27d33b8d2bbb55dc 808 libapache2-mod-md_2.4.48-3.1ubuntu3.2_s390x.deb 6eaa1a09c47079654ecedc6b97a15839215de535e8d9e850dfa2c18f79947b99 992 libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.2_s390x.deb Files: 65232786c43ca5764544bd62d313c877 3499612 debug optional apache2-bin-dbgsym_2.4.48-3.1ubuntu3.2_s390x.ddeb 5e1ff8e959eddb7b78b434f5b2d0fe9a 1265508 httpd optional apache2-bin_2.4.48-3.1ubuntu3.2_s390x.deb 1c89acbfb42fcdc67d7feb7e5956a233 187446 httpd optional apache2-dev_2.4.48-3.1ubuntu3.2_s390x.deb a76cb30535f727f4933045f643109d20 2988 httpd optional apache2-ssl-dev_2.4.48-3.1ubuntu3.2_s390x.deb 1d9ee5b246574b6b8227d3cc001c9f78 12960 debug optional apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.2_s390x.ddeb a4c41673d84465d3285278063d975b18 16406 httpd optional apache2-suexec-custom_2.4.48-3.1ubuntu3.2_s390x.deb 0f0d42d0e930f689746fc75b6005cbb8 11726 debug optional apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.2_s390x.ddeb 87772102dc5306cbd86bf0f5fcac85b2 14858 httpd optional apache2-suexec-pristine_2.4.48-3.1ubuntu3.2_s390x.deb 4a2cd682c27621f1c02df46925e1faa0 118586 debug optional apache2-utils-dbgsym_2.4.48-3.1ubuntu3.2_s390x.ddeb c36990776bf24beedb2d040244ce0766 89220 httpd optional apache2-utils_2.4.48-3.1ubuntu3.2_s390x.deb c6256b03f21d4aaec164928c0bfaa13d 11706 httpd optional apache2_2.4.48-3.1ubuntu3.2_s390x.buildinfo 7d98bd1c53a5e6de5d107242593c753d 97838 httpd optional apache2_2.4.48-3.1ubuntu3.2_s390x.deb da823df3e16fd6cdaa25395a7f0dc669 808 oldlibs optional libapache2-mod-md_2.4.48-3.1ubuntu3.2_s390x.deb 4013b8890db39fbd6525f557f86ccd19 992 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.2_s390x.deb Original-Maintainer: Debian Apache Maintainers