Format: 1.8 Date: Wed, 05 Jan 2022 09:38:48 -0500 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: armhf Version: 2.4.46-4ubuntu1.5 Distribution: hirsute Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.46-4ubuntu1.5) hirsute-security; urgency=medium . * SECURITY UPDATE: DoS or SSRF via forward proxy - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname in include/http_protocol.h, modules/http/http_request.c, modules/http2/h2_request.c, modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c, server/protocol.c. - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs w/ no hostname in modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c. - CVE-2021-44224 * SECURITY UPDATE: overflow in mod_lua multipart parser - debian/patches/CVE-2021-44790.patch: improve error handling in modules/lua/lua_request.c. - CVE-2021-44790 Checksums-Sha1: 8b49bcee219e8b9d712709c1be88d20f63f79954 3138268 apache2-bin-dbgsym_2.4.46-4ubuntu1.5_armhf.ddeb 38b4a277f419c5ac7634e60cf770666e3969946c 1043092 apache2-bin_2.4.46-4ubuntu1.5_armhf.deb 7fc54e8010c8c1b71848139ed572fa64fb3a9435 180328 apache2-dev_2.4.46-4ubuntu1.5_armhf.deb 3036583205601e1f5c6dce79ce24a6932bc86849 3168 apache2-ssl-dev_2.4.46-4ubuntu1.5_armhf.deb 3f8e753d2917f7239e547691a93825fe193e5f35 12164 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.5_armhf.ddeb 7a29d49b8c34b40171d31828757488b19b9ffc34 14640 apache2-suexec-custom_2.4.46-4ubuntu1.5_armhf.deb 1df7805addb7f3a5abec889fad2c4bc3da62bcb3 10896 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.5_armhf.ddeb b591d8ff4c84c30ead18f63f1dd14dc97883b410 13260 apache2-suexec-pristine_2.4.46-4ubuntu1.5_armhf.deb 260382b8be957691ed59a220a3f240b338376d77 117340 apache2-utils-dbgsym_2.4.46-4ubuntu1.5_armhf.ddeb 8edc762d47b37cdaef924b9d2a669fb1fb91c306 84044 apache2-utils_2.4.46-4ubuntu1.5_armhf.deb 8ebd6275263476c92b3ff16620a704273e909d78 12003 apache2_2.4.46-4ubuntu1.5_armhf.buildinfo ae95c1fdc6ac9a5d9251a484013186815c40f462 95692 apache2_2.4.46-4ubuntu1.5_armhf.deb 8364984085e7154cd7ccf19ad86fac0796a7a9bf 1004 libapache2-mod-md_2.4.46-4ubuntu1.5_armhf.deb d0cfa98427dd6edeba54982d8ef4776bb4f11fe6 1180 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.5_armhf.deb Checksums-Sha256: 55b5e37e86a5dee00bfa78431a9c1765873d43d1d670e283fe54cb3caf77ef68 3138268 apache2-bin-dbgsym_2.4.46-4ubuntu1.5_armhf.ddeb 0e05e81526b100488e6d48ca3f5cb17e71e72294787dd78dcf8c06cf75a52de7 1043092 apache2-bin_2.4.46-4ubuntu1.5_armhf.deb 2b316dbee1bd4c45c5e25cc0652832d866a44241784b606faf320993405fbd63 180328 apache2-dev_2.4.46-4ubuntu1.5_armhf.deb b997da7778cee28d6a3c94eb235d7970ec6b3e597edaf57c3f14040532519c30 3168 apache2-ssl-dev_2.4.46-4ubuntu1.5_armhf.deb af7e2880831ee45383eb56124cc713c339ebdc5239aad82e9d9bc3f4450b70c2 12164 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.5_armhf.ddeb 5f46f241b077a32be43267454662a58fd547f3dfc9e9acacb17967037928362f 14640 apache2-suexec-custom_2.4.46-4ubuntu1.5_armhf.deb 453cfcb7f3c915035d1ecdda5f6ce55e56d9200b0b6158b59f87ecefdbbe44ff 10896 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.5_armhf.ddeb 99f5dd480d30eb3eda13d349457366d85ef44a23f00c772e5199ea6432b73ea7 13260 apache2-suexec-pristine_2.4.46-4ubuntu1.5_armhf.deb 5407417a4333ba9a862d3bd31187be8c6d89f374af6bdcec91c9d51baa4c5966 117340 apache2-utils-dbgsym_2.4.46-4ubuntu1.5_armhf.ddeb 9f143a983e26edf48a4e4f5ac3cb1d37c00d3e84e5adf8eecc71bd985b42be76 84044 apache2-utils_2.4.46-4ubuntu1.5_armhf.deb ef9b117dc4c16ecfbc3e32e9eeee9425cdfff72e3130060813e85fcbac445373 12003 apache2_2.4.46-4ubuntu1.5_armhf.buildinfo f8f26aacd7336b0bdc298c7e193f86f040a7d1f7ce47bfb46aa9bd0db02cd4ff 95692 apache2_2.4.46-4ubuntu1.5_armhf.deb 12f6afcf717d6797c34f9d885e8bb2418dc896e60f8d700e64bbf82963e678c5 1004 libapache2-mod-md_2.4.46-4ubuntu1.5_armhf.deb 4d9bd27bbe813afe43596b3114ef61f5557d7ff59f22bf4f0e6454cbf694f02a 1180 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.5_armhf.deb Files: 9bbb069b282d2a9f20fac9723b94562e 3138268 debug optional apache2-bin-dbgsym_2.4.46-4ubuntu1.5_armhf.ddeb b3ff6bae64927e96ed71e17e04bf2962 1043092 httpd optional apache2-bin_2.4.46-4ubuntu1.5_armhf.deb fb4705e61a9617bc94503e301a2e8d7b 180328 httpd optional apache2-dev_2.4.46-4ubuntu1.5_armhf.deb 0005bc2830995be7ce0fc9c607cb0800 3168 httpd optional apache2-ssl-dev_2.4.46-4ubuntu1.5_armhf.deb 1cf0dd6666fcc9df7f5a249bae26e938 12164 debug optional apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.5_armhf.ddeb 2869986ce3a1661e9103b523b700726b 14640 httpd optional apache2-suexec-custom_2.4.46-4ubuntu1.5_armhf.deb 75beadb6b7e16137a101c6fdffb908b4 10896 debug optional apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.5_armhf.ddeb 912494b972b346ae2a704c1ad3f30fa5 13260 httpd optional apache2-suexec-pristine_2.4.46-4ubuntu1.5_armhf.deb 455d87ab82d363afcae56ad653d353f2 117340 debug optional apache2-utils-dbgsym_2.4.46-4ubuntu1.5_armhf.ddeb e0a1f92d1bf2d589b07936dd9b5cda86 84044 httpd optional apache2-utils_2.4.46-4ubuntu1.5_armhf.deb 836e4abf948e448273602b4df4d864ab 12003 httpd optional apache2_2.4.46-4ubuntu1.5_armhf.buildinfo 56925c896c938cf5b26d9174ed2b154c 95692 httpd optional apache2_2.4.46-4ubuntu1.5_armhf.deb 220bf94a5984b3cd1faeff7f9e0b1653 1004 oldlibs optional libapache2-mod-md_2.4.46-4ubuntu1.5_armhf.deb 975a3cdee4be08518d3e31a0e518cecc 1180 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.5_armhf.deb Original-Maintainer: Debian Apache Maintainers