Package "apache2"
Name: apache2
Description: This package is just an umbrella for a group of other packages; it has no description. Description samples from packages in group:
- Apache HTTP Server configurable suexec program for mod_suexec
- Apache HTTP Server standard suexec program for mod_suexec
- transitional package
- transitional package
Latest version: 2.4.57-2ubuntu2.4
Release: mantic (23.10)
Level: security
Repository: universe

Changelog
apache2 (2.4.57-2ubuntu2.4) mantic-security; urgency=medium

  * SECURITY UPDATE: HTTP response splitting
    - debian/patches/CVE-2023-38709.patch: header validation after
      content-* are eval'ed in modules/http/http_filters.c.
    - CVE-2023-38709
  * SECURITY UPDATE: HTTP Response Splitting in multiple modules
    - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for
      non-http handlers in include/util_script.h,
      modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c,
      modules/generators/mod_cgid.c, modules/http/http_filters.c,
      modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c,
      modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c.
    - CVE-2024-24795
  * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless
    continuation frames
    - debian/patches/CVE-2024-27316.patch: bail after too many failed reads
      in modules/http2/h2_session.c, modules/http2/h2_stream.c,
      modules/http2/h2_stream.h.
    - CVE-2024-27316

 -- Marc Deslauriers <email address hidden> Wed, 10 Apr 2024 13:41:02 -0400

CVE-2023-38709: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects
CVE-2024-24795: HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applicat
CVE-2024-27316: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client do

apache2 (2.4.57-2ubuntu2.1) mantic-security; urgency=medium

  * SECURITY UPDATE: mod_macro buffer over-read
    - debian/patches/CVE-2023-31122.patch: fix length in
      modules/core/mod_macro.c.
    - CVE-2023-31122
  * SECURITY UPDATE: Multiple issues in HTTP/2
    - CVE-2023-43622: DoS in HTTP/2 with initial windows size 0
    - CVE-2023-45802: HTTP/2 stream memory not reclaimed right away on RST
    - debian/patches/update_http2.patch: backport version 2.0.22 of
      mod_http2 from httpd 2.4.58.
    - CVE-2023-43622
    - CVE-2023-45802

 -- Marc Deslauriers <email address hidden> Thu, 26 Oct 2023 09:28:30 -0400