Format: 1.8 Date: Wed, 05 Jan 2022 09:50:41 -0500 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: armhf Version: 2.4.29-1ubuntu4.21 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.29-1ubuntu4.21) bionic-security; urgency=medium . * SECURITY UPDATE: DoS or SSRF via forward proxy - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname in include/http_protocol.h, modules/http/http_request.c, modules/http2/h2_request.c, modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c, server/protocol.c. - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs w/ no hostname in modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c. - CVE-2021-44224 * SECURITY UPDATE: overflow in mod_lua multipart parser - debian/patches/CVE-2021-44790.patch: improve error handling in modules/lua/lua_request.c. - CVE-2021-44790 Checksums-Sha1: 9e15ab665aa76279e61b5adb422e7a105b8d158e 933984 apache2-bin_2.4.29-1ubuntu4.21_armhf.deb c70edb0b4db2614c26e33d44815f4d3f8720695b 3916996 apache2-dbg_2.4.29-1ubuntu4.21_armhf.deb def02a1defd47469627da6a17ebe509fbdf732a8 177684 apache2-dev_2.4.29-1ubuntu4.21_armhf.deb 6b204bf75029023f9761a4921654a5c4c3b5e364 2392 apache2-ssl-dev_2.4.29-1ubuntu4.21_armhf.deb 6272654c34cae874dfa09babd2812e0a3d597d5f 14556 apache2-suexec-custom_2.4.29-1ubuntu4.21_armhf.deb eb68df3f31ba58bfcfd23cbe884bd88fc7ba47fe 13072 apache2-suexec-pristine_2.4.29-1ubuntu4.21_armhf.deb eccf18d35a570b1b6293d2c644521eda8f51a680 83580 apache2-utils_2.4.29-1ubuntu4.21_armhf.deb e13a2d9840f7fbe9983174537e3fd3a602f762e4 10145 apache2_2.4.29-1ubuntu4.21_armhf.buildinfo a3d44f0bc2279704c1ae5ddca92a3585e2605821 95148 apache2_2.4.29-1ubuntu4.21_armhf.deb Checksums-Sha256: 05dff27df19b869e6a5205a401edc2267f90623b8e3e7c86eb1b2755fbaa37a3 933984 apache2-bin_2.4.29-1ubuntu4.21_armhf.deb ba90fdadc1d83dc90fc62f0088f841cc8fc3ab49cd068a5f7971cdb31add7218 3916996 apache2-dbg_2.4.29-1ubuntu4.21_armhf.deb a134e7440e504effe4a03528a312caa9504cdfe156abe1aafb51a810af9c873b 177684 apache2-dev_2.4.29-1ubuntu4.21_armhf.deb bf0dbd0a7e85c937a0fb775b3b43e766402fc1ebb8f9041f81a0cb778c3c3900 2392 apache2-ssl-dev_2.4.29-1ubuntu4.21_armhf.deb 86545e995ec5ad8a4332e49ea6b6bb9b6ced1ff0bf5b22a2a8c5c24ae9b6c0b3 14556 apache2-suexec-custom_2.4.29-1ubuntu4.21_armhf.deb b6edb344bdcd0b139c824a6aebabab938b481f210e49e3eb5756849a3d8dd5f1 13072 apache2-suexec-pristine_2.4.29-1ubuntu4.21_armhf.deb 919c4ded0b1486c0227e7810bb90cc89617e8b36327ce5bd27768d605f4fbdd9 83580 apache2-utils_2.4.29-1ubuntu4.21_armhf.deb fdb0e62b0c698525b00f053e427679f76a267745d57135e813ef62672890392f 10145 apache2_2.4.29-1ubuntu4.21_armhf.buildinfo dd61484bc808132c8431e222a63523099a528f673c1e80f490bdc2a0e3c8fcbf 95148 apache2_2.4.29-1ubuntu4.21_armhf.deb Files: a8a912bbf46b49826728d9a9ce0d6aa7 933984 httpd optional apache2-bin_2.4.29-1ubuntu4.21_armhf.deb c242a96b286c472f6327299fb9566ade 3916996 debug optional apache2-dbg_2.4.29-1ubuntu4.21_armhf.deb cd51706f3a1a10935cf0438fb19f1837 177684 httpd optional apache2-dev_2.4.29-1ubuntu4.21_armhf.deb 37e034d3dc1323c95fa7d6d7698d5753 2392 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.21_armhf.deb d31acc4f44d7ae02d910146d5b15adf3 14556 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.21_armhf.deb 9e42eb943b6949b4d3292e5a47c54072 13072 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.21_armhf.deb 76be59394e3bf863cd605006058bf6aa 83580 httpd optional apache2-utils_2.4.29-1ubuntu4.21_armhf.deb 188c7057af5ddb33f62670763bba971b 10145 httpd optional apache2_2.4.29-1ubuntu4.21_armhf.buildinfo 8987a3282aa6ee1fb82302c3529ae9f9 95148 httpd optional apache2_2.4.29-1ubuntu4.21_armhf.deb Original-Maintainer: Debian Apache Maintainers