Format: 1.8 Date: Wed, 05 Jan 2022 09:50:41 -0500 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: ppc64el Version: 2.4.29-1ubuntu4.21 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.29-1ubuntu4.21) bionic-security; urgency=medium . * SECURITY UPDATE: DoS or SSRF via forward proxy - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname in include/http_protocol.h, modules/http/http_request.c, modules/http2/h2_request.c, modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c, server/protocol.c. - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs w/ no hostname in modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c. - CVE-2021-44224 * SECURITY UPDATE: overflow in mod_lua multipart parser - debian/patches/CVE-2021-44790.patch: improve error handling in modules/lua/lua_request.c. - CVE-2021-44790 Checksums-Sha1: 332690c67f7f464a64c03124ca4479786257fd47 1096224 apache2-bin_2.4.29-1ubuntu4.21_ppc64el.deb c6777ab68132f6bb4ef5970583d54d7e4dfd2086 4451636 apache2-dbg_2.4.29-1ubuntu4.21_ppc64el.deb e6b97b0f2a5cf5b04057c43b0b8febc7a135d88b 177680 apache2-dev_2.4.29-1ubuntu4.21_ppc64el.deb 3f473a1daf23e9a905bb4df9acfb476dcf7fd31d 2396 apache2-ssl-dev_2.4.29-1ubuntu4.21_ppc64el.deb 1aa1c2641c3e483176bdb54a895181860c7b716e 15180 apache2-suexec-custom_2.4.29-1ubuntu4.21_ppc64el.deb 5728b2fe869e1d0e2ad1c6153edf7e58e706a851 13636 apache2-suexec-pristine_2.4.29-1ubuntu4.21_ppc64el.deb c08ef06fa087e6b68d11245929d8f3c5a9387b28 84840 apache2-utils_2.4.29-1ubuntu4.21_ppc64el.deb 6dd877326d30867cbbfa15f59519c0644c393916 10270 apache2_2.4.29-1ubuntu4.21_ppc64el.buildinfo 96cb26237e8f0879da3d476c93dd74518fcbfe9a 95156 apache2_2.4.29-1ubuntu4.21_ppc64el.deb Checksums-Sha256: cfaf90facf59e639c05408f1d4d5f7148dea200e73fa7b5a673d23766c77ccac 1096224 apache2-bin_2.4.29-1ubuntu4.21_ppc64el.deb 0efca496ee776039af7a50cfb4ccf65d29d175c1c7db438dc59b7a6510847f28 4451636 apache2-dbg_2.4.29-1ubuntu4.21_ppc64el.deb b2989f7b59eed25434979ee55ef51783294b6992ee0ffdab3763dc7aa2cf313d 177680 apache2-dev_2.4.29-1ubuntu4.21_ppc64el.deb bc53a2fca1aa42cc84f559ab461a3951ffbeaea998942efe24cf19ae81af6f20 2396 apache2-ssl-dev_2.4.29-1ubuntu4.21_ppc64el.deb 00a569d7bac54b597052171530548258949bb4f3bc169b19c7d59f6fcbf746cb 15180 apache2-suexec-custom_2.4.29-1ubuntu4.21_ppc64el.deb a09bb6cf03a4bda288fabf336e8ee1a0a227825875d636efb83ccfde2709c12d 13636 apache2-suexec-pristine_2.4.29-1ubuntu4.21_ppc64el.deb 1b4fbe3d46641cc57239ce83ae3978f52f00db82b82cf89f47fb36c4c57a3b0e 84840 apache2-utils_2.4.29-1ubuntu4.21_ppc64el.deb 9b2f4f4c65cc6e212c692d11ee8a9b2cecb724482be63191541e15c385d56c1a 10270 apache2_2.4.29-1ubuntu4.21_ppc64el.buildinfo 835a32601242143e1142da1d8fafb971b89b3c9eb7c34c07133696a906731b78 95156 apache2_2.4.29-1ubuntu4.21_ppc64el.deb Files: 3fec9fcf3baa8f726ad11fe13c28b82b 1096224 httpd optional apache2-bin_2.4.29-1ubuntu4.21_ppc64el.deb be5c4c1655287d6d57d1a2868ec4e6e2 4451636 debug optional apache2-dbg_2.4.29-1ubuntu4.21_ppc64el.deb 16e763399cb1ecc64836fa26003eb0e6 177680 httpd optional apache2-dev_2.4.29-1ubuntu4.21_ppc64el.deb c7bab2bdf491630f474402fcc9f04960 2396 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.21_ppc64el.deb 9d34824c96178e6a5c49a9b0364cdafc 15180 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.21_ppc64el.deb 2c9430249fc720c8aef9ed35b109530b 13636 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.21_ppc64el.deb d1c667240f5b14efe1afcdcda1a39264 84840 httpd optional apache2-utils_2.4.29-1ubuntu4.21_ppc64el.deb 97ea6b51210262200b44cd5a715ecc39 10270 httpd optional apache2_2.4.29-1ubuntu4.21_ppc64el.buildinfo ee5956a0e5da1addd6caa6e915e47b1b 95156 httpd optional apache2_2.4.29-1ubuntu4.21_ppc64el.deb Original-Maintainer: Debian Apache Maintainers