Format: 1.8 Date: Wed, 05 Jan 2022 09:50:41 -0500 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: s390x Version: 2.4.29-1ubuntu4.21 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.29-1ubuntu4.21) bionic-security; urgency=medium . * SECURITY UPDATE: DoS or SSRF via forward proxy - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname in include/http_protocol.h, modules/http/http_request.c, modules/http2/h2_request.c, modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c, server/protocol.c. - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs w/ no hostname in modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c. - CVE-2021-44224 * SECURITY UPDATE: overflow in mod_lua multipart parser - debian/patches/CVE-2021-44790.patch: improve error handling in modules/lua/lua_request.c. - CVE-2021-44790 Checksums-Sha1: a9440101a7f254f0516c0b996ebaaff9462e1c48 978368 apache2-bin_2.4.29-1ubuntu4.21_s390x.deb 2067f41ba52b06348a95292253ff9fe613edac31 4076536 apache2-dbg_2.4.29-1ubuntu4.21_s390x.deb 5dd5cf922252f09209e55f7c3901509daf9d19c0 177664 apache2-dev_2.4.29-1ubuntu4.21_s390x.deb 8b0d95e513a15a798b9f72d28170fe7fad4270e3 2396 apache2-ssl-dev_2.4.29-1ubuntu4.21_s390x.deb ad703b60d26be2d2c0813217756355fe1599c1e1 15116 apache2-suexec-custom_2.4.29-1ubuntu4.21_s390x.deb d450f4a573866210bd73e427318b9d51e12dcc1b 13592 apache2-suexec-pristine_2.4.29-1ubuntu4.21_s390x.deb ff59107c64d130bbb779bbe78a0a3d5cb2559aad 81552 apache2-utils_2.4.29-1ubuntu4.21_s390x.deb 6f21694a168989145fa65166dcac28a013837d94 10137 apache2_2.4.29-1ubuntu4.21_s390x.buildinfo 1fb8d02d42e927c9fae8717e5beb321b0d8dde23 95148 apache2_2.4.29-1ubuntu4.21_s390x.deb Checksums-Sha256: b2e3b9e2394bd7dd97eaf23e8d8815fd8229002d3a2ac3b55903b8fdfd685c8e 978368 apache2-bin_2.4.29-1ubuntu4.21_s390x.deb b79e1348bc8867adc356b5342082c7ac8a00e089f4f8fd360365bdcec61b2857 4076536 apache2-dbg_2.4.29-1ubuntu4.21_s390x.deb 47a962dfecaa83d170aa97d0a79a15cb815768c94d8487251b18d384dabf6feb 177664 apache2-dev_2.4.29-1ubuntu4.21_s390x.deb 77c679eed8116693b9c102887792e81d29d926fef3239366d5b6eed557ef35eb 2396 apache2-ssl-dev_2.4.29-1ubuntu4.21_s390x.deb 1bbf9aa5cebec28868c04cf04d777f0826c906cdad0d272f0e56f0c9ad16135e 15116 apache2-suexec-custom_2.4.29-1ubuntu4.21_s390x.deb 47b3640064cd854d92fa0483538c94058b316f568d1406433b7ed55b9d76d785 13592 apache2-suexec-pristine_2.4.29-1ubuntu4.21_s390x.deb 591fd1d69c5273456bbab0ff1d202408569145128be8c11137056f14dd8d35d3 81552 apache2-utils_2.4.29-1ubuntu4.21_s390x.deb d3dc9a76b63bcffda9d1f42eddd26e16e8dba49d89364ca121620bba63c20093 10137 apache2_2.4.29-1ubuntu4.21_s390x.buildinfo 36e1af0b884ebd6a1d433f86d6ddb3bceff85ce92e08ee62d95850b4d3753c74 95148 apache2_2.4.29-1ubuntu4.21_s390x.deb Files: 1e385baa84989e1af37e28a1b5f44c0b 978368 httpd optional apache2-bin_2.4.29-1ubuntu4.21_s390x.deb c4ab694d96f904f980ad60eec80500e0 4076536 debug optional apache2-dbg_2.4.29-1ubuntu4.21_s390x.deb 00a37c3ccb09f86f39a8007af34766e7 177664 httpd optional apache2-dev_2.4.29-1ubuntu4.21_s390x.deb 8df3d57ced51cf82e8d3b5ee7e70c816 2396 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.21_s390x.deb 32ea1b9bce6ad5373f96191ef1349183 15116 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.21_s390x.deb b9041afd978f0902c83c04404545c0db 13592 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.21_s390x.deb ddbfd32996b09697a46c73db6b8c71dd 81552 httpd optional apache2-utils_2.4.29-1ubuntu4.21_s390x.deb 154b11a44d50272365db4fe204bd510e 10137 httpd optional apache2_2.4.29-1ubuntu4.21_s390x.buildinfo 6ab4591f723e0b22409b71c7141101de 95148 httpd optional apache2_2.4.29-1ubuntu4.21_s390x.deb Original-Maintainer: Debian Apache Maintainers