Format: 1.8 Date: Wed, 05 Jan 2022 09:49:56 -0500 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: s390x Version: 2.4.41-4ubuntu3.9 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.41-4ubuntu3.9) focal-security; urgency=medium . * SECURITY UPDATE: DoS or SSRF via forward proxy - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname in include/http_protocol.h, modules/http/http_request.c, modules/http2/h2_request.c, modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c, server/protocol.c. - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs w/ no hostname in modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c. - CVE-2021-44224 * SECURITY UPDATE: overflow in mod_lua multipart parser - debian/patches/CVE-2021-44790.patch: improve error handling in modules/lua/lua_request.c. - CVE-2021-44790 Checksums-Sha1: 8c9df686297ad131aad4994486bb3a31a5630c4d 4859564 apache2-bin-dbgsym_2.4.41-4ubuntu3.9_s390x.ddeb b5fdd0de94bfde952ead472111e67faa3c4f7cf1 1063600 apache2-bin_2.4.41-4ubuntu3.9_s390x.deb eb620dbd33125d54fdd09014251367c63105a8f3 179372 apache2-dev_2.4.41-4ubuntu3.9_s390x.deb f74020f9dd68f9ca36883197df32338e697d60a2 3156 apache2-ssl-dev_2.4.41-4ubuntu3.9_s390x.deb d2f3e60ce01a01cdf7544fdce4500011877a968f 12748 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.9_s390x.ddeb e81b1c5a3bd64711165749bb7a73eba441f99c1f 15156 apache2-suexec-custom_2.4.41-4ubuntu3.9_s390x.deb bf6a60943c940e60699aceac7644f9c3f72ae44e 11556 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.9_s390x.ddeb d3cf91b1808cfe452cd45bbbb37d113136cbdb97 13628 apache2-suexec-pristine_2.4.41-4ubuntu3.9_s390x.deb fc0209354e970f5a50e091c1e55051b14a8d16a3 139328 apache2-utils-dbgsym_2.4.41-4ubuntu3.9_s390x.ddeb 85eb3f270978571e729b33d56f6054fabea959bc 82584 apache2-utils_2.4.41-4ubuntu3.9_s390x.deb 4b2ded95178d8ec1a7ea8909fd31132d618efd0c 11722 apache2_2.4.41-4ubuntu3.9_s390x.buildinfo 2c4c9dc608561070226c2284b16210c21ec7df06 95532 apache2_2.4.41-4ubuntu3.9_s390x.deb 92a467aeed192e49eaaac1527a519423d0cbea49 988 libapache2-mod-md_2.4.41-4ubuntu3.9_s390x.deb eca8723afbb0fbb30f5e36dbecf40edcfa7e7c76 1184 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.9_s390x.deb Checksums-Sha256: 7660564c27390298da1d6586f7f28a119458bc1fe0d51d949a5fdf69749ed24a 4859564 apache2-bin-dbgsym_2.4.41-4ubuntu3.9_s390x.ddeb ee9edd5efea21b24fcc2c9122f890e3e958855c41d9d4a5b1c9bc8ea8396668a 1063600 apache2-bin_2.4.41-4ubuntu3.9_s390x.deb 1b12a6f13556c4f1bf021b81484d8fa18926851158b301ffff74bf4b09cfa1a6 179372 apache2-dev_2.4.41-4ubuntu3.9_s390x.deb 2aea1896e4ac7d6e307bff7f45015b5c4cba7f83dfadcb7900a4aeae048e3444 3156 apache2-ssl-dev_2.4.41-4ubuntu3.9_s390x.deb fb833ebc107aeaa573f14f0d5e616ffe6dd3380027766b5d6350a24506529c8a 12748 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.9_s390x.ddeb b6f18950b11f97fdda38d32d0f74c4a50bfd5a6def9b69c21a7e3e0d614c90d8 15156 apache2-suexec-custom_2.4.41-4ubuntu3.9_s390x.deb cc218d4388d991150ee86e7acf3cd8d4b3e87de4fa34bc337e92380a0efd652d 11556 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.9_s390x.ddeb ab5cdeb4991b551c5d4bc813ffe01aedb5a67905fe5c78990da05890ba8c1bf8 13628 apache2-suexec-pristine_2.4.41-4ubuntu3.9_s390x.deb b1a900aa53fbeb2d83728729aa8d4b106d67fb735d58f28e968ae72eda9516e4 139328 apache2-utils-dbgsym_2.4.41-4ubuntu3.9_s390x.ddeb 7727b19d6471bac61cc4d4b2b69946aad344bcd727b4bdb1cd19c2148a2a0c18 82584 apache2-utils_2.4.41-4ubuntu3.9_s390x.deb 967df3c5bbc9ac6a08ffa730dee32a2e42b1093c74ececa80b17afc83dc55179 11722 apache2_2.4.41-4ubuntu3.9_s390x.buildinfo 1deb670a85ea3281e32216f7a96876648c83a8a33bf2d1dac452eb889b035067 95532 apache2_2.4.41-4ubuntu3.9_s390x.deb 4e6f44d73bd5567180b8a8bcb36f6425c08f28472570134bfdf4126caa3b0d95 988 libapache2-mod-md_2.4.41-4ubuntu3.9_s390x.deb 810d13bd6891379b244cec510640b1d7c433d6d68bddf9a8c66f7db2efe86e8d 1184 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.9_s390x.deb Files: 4f86ce64bd4ebec103491a874c6b11c6 4859564 debug optional apache2-bin-dbgsym_2.4.41-4ubuntu3.9_s390x.ddeb 4d37c8890ccfbc52da7edbc8837fb0cd 1063600 httpd optional apache2-bin_2.4.41-4ubuntu3.9_s390x.deb 053ddb75c6f9686678f4baadd28c7ca5 179372 httpd optional apache2-dev_2.4.41-4ubuntu3.9_s390x.deb 4601c7fe889b3daddd78b744f076f48b 3156 httpd optional apache2-ssl-dev_2.4.41-4ubuntu3.9_s390x.deb 1912fe2c70c49d20d8c855b4fafd43bf 12748 debug optional apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.9_s390x.ddeb 5090722c4278fb05d948bf4bfa15982d 15156 httpd optional apache2-suexec-custom_2.4.41-4ubuntu3.9_s390x.deb ea9267b253ec555b95beeb58006b23b2 11556 debug optional apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.9_s390x.ddeb 736a840c39ad09bcedac69aa45792ad6 13628 httpd optional apache2-suexec-pristine_2.4.41-4ubuntu3.9_s390x.deb 8fb57561af3f76c0dc38cfec8efd37ca 139328 debug optional apache2-utils-dbgsym_2.4.41-4ubuntu3.9_s390x.ddeb 786bb11c7aa061dee8a7c420d3c18264 82584 httpd optional apache2-utils_2.4.41-4ubuntu3.9_s390x.deb 7735d37f9f2f1b979f950d944bbc4136 11722 httpd optional apache2_2.4.41-4ubuntu3.9_s390x.buildinfo 8d481f5915db859a4ed6ab9eb27f5777 95532 httpd optional apache2_2.4.41-4ubuntu3.9_s390x.deb 81c07ec9cb1d72281cb13ef2428ddf51 988 oldlibs optional libapache2-mod-md_2.4.41-4ubuntu3.9_s390x.deb 37502dd083558373c56294b0ccfd336a 1184 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.9_s390x.deb Original-Maintainer: Debian Apache Maintainers