UbuntuUpdates.org

Package "libapache2-mod-proxy-uwsgi"

Name: libapache2-mod-proxy-uwsgi

Description:

transitional package

Latest version: 2.4.41-4ubuntu3.12
Release: focal (20.04)
Level: security
Repository: universe
Head package: apache2
Homepage: https://httpd.apache.org/

Links


Download "libapache2-mod-proxy-uwsgi"


Other versions of "libapache2-mod-proxy-uwsgi" in Focal

Repository Area Version
base universe 2.4.41-4ubuntu3
updates universe 2.4.41-4ubuntu3.12

Changelog

Version: 2.4.41-4ubuntu3.12 2022-06-21 15:06:23 UTC

  apache2 (2.4.41-4ubuntu3.12) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP Request Smuggling
    - debian/patches/CVE-2022-26377.patch: changing
      precedence between T-E and C-L in modules/proxy/mod_proxy_ajp.c.
    - CVE-2022-26377
  * SECURITY UPDATE: Read beyond bounds
    - debian/patches/CVE-2022-28614.patch: handle large
      writes in ap_rputs.
      in server/util.c.
    - CVE-2022-28614
  * SECURITY UPDATE: Read beyond bounds
    - debian/patches/CVE-2022-28615.patch: fix types
      in server/util.c.
    - CVE-2022-28615
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-29404.patch: cast first
      in modules/lua/lua_request.c.
    - CVE-2022-29404
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-30522.patch: limit mod_sed
      memory use in modules/filters/mod_sec.c,
      modules/filters/sed1.c.
    - CVE-2022-30522
  * SECURITY UPDATE: Returning point past of the buffer
    - debian/patches/CVE-2022-30556.patch: use filters consistently
      in modules/lua/lua_request.c.
    - CVE-2022-30556
  * SECURITY UPDATE: Bypass IP authentication
    - debian/patches/CVE-2022-31813.patch: to clear
      hop-by-hop first and fixup last in modules/proxy/proxy_util.c.
    - CVE-2022-31813

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 14 Jun 2022 10:30:55 -0300

Source diff to previous version
CVE-2022-26377 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to sm
CVE-2022-28614 The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very larg
CVE-2022-28615 Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extrem
CVE-2022-29404 In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no defau
CVE-2022-30522 If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may m
CVE-2022-30556 Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the
CVE-2022-31813 Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop m

Version: 2.4.41-4ubuntu3.10 2022-03-19 14:07:08 UTC

  apache2 (2.4.41-4ubuntu3.10) focal-security; urgency=medium

  * SECURITY UPDATE: OOB read in mod_lua via crafted request body
    - debian/patches/CVE-2022-22719.patch: error out if lua_read_body() or
      lua_write_body() fail in modules/lua/lua_request.c.
    - CVE-2022-22719
  * SECURITY UPDATE: HTTP Request Smuggling via error discarding the
    request body
    - debian/patches/CVE-2022-22720.patch: simpler connection close logic
      if discarding the request body fails in modules/http/http_filters.c,
      server/protocol.c.
    - CVE-2022-22720
  * SECURITY UPDATE: overflow via large LimitXMLRequestBody
    - debian/patches/CVE-2022-22721.patch: make sure and check that
      LimitXMLRequestBody fits in system memory in server/core.c,
      server/util.c, server/util_xml.c.
    - CVE-2022-22721
  * SECURITY UPDATE: out-of-bounds write in mod_sed
    - debian/patches/CVE-2022-23943-1.patch: use size_t to allow for larger
      buffer sizes and unsigned arithmetics in modules/filters/libsed.h,
      modules/filters/mod_sed.c, modules/filters/sed1.c.
    - debian/patches/CVE-2022-23943-2.patch: improve the logic flow in
      modules/filters/mod_sed.c.
    - CVE-2022-23943

 -- Marc Deslauriers <email address hidden> Wed, 16 Mar 2022 12:52:53 -0400

Source diff to previous version
CVE-2022-22719 A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Serv
CVE-2022-22720 Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server
CVE-2022-22721 If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later ca
CVE-2022-23943 Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.

Version: 2.4.41-4ubuntu3.9 2022-01-06 16:06:30 UTC

  apache2 (2.4.41-4ubuntu3.9) focal-security; urgency=medium

  * SECURITY UPDATE: DoS or SSRF via forward proxy
    - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified
      uri-paths not to be forward-proxied have an http(s) scheme, and that
      the ones to be forward proxied have a hostname in
      include/http_protocol.h, modules/http/http_request.c,
      modules/http2/h2_request.c, modules/proxy/mod_proxy.c,
      modules/proxy/proxy_util.c, server/protocol.c.
    - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs
      w/ no hostname in modules/proxy/mod_proxy.c,
      modules/proxy/proxy_util.c.
    - CVE-2021-44224
  * SECURITY UPDATE: overflow in mod_lua multipart parser
    - debian/patches/CVE-2021-44790.patch: improve error handling in
      modules/lua/lua_request.c.
    - CVE-2021-44790

 -- Marc Deslauriers <email address hidden> Wed, 05 Jan 2022 09:49:56 -0500

Source diff to previous version
CVE-2021-44224 A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixi
CVE-2021-44790 A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache http

Version: 2.4.41-4ubuntu3.6 2021-09-28 15:07:32 UTC

  apache2 (2.4.41-4ubuntu3.6) focal-security; urgency=medium

  * SECURITY REGRESSION: Issues in UDS URIs (LP: #1945311)
    - debian/patches/CVE-2021-40438-2.patch: Fix UDS unix: scheme for P
      rules in modules/mappers/mod_rewrite.c.
    - debian/patches/CVE-2021-40438-3.patch: Handle UDS URIs with empty
      hostname in modules/mappers/mod_rewrite.c,
      modules/proxy/proxy_util.c.

 -- Marc Deslauriers <email address hidden> Tue, 28 Sep 2021 07:00:45 -0400

Source diff to previous version
1945311 Fix for CVE-2021-40438 breaks existing configs
CVE-2021-40438 A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP

Version: 2.4.41-4ubuntu3.5 2021-09-27 15:06:23 UTC

  apache2 (2.4.41-4ubuntu3.5) focal-security; urgency=medium

  * SECURITY UPDATE: request splitting over HTTP/2
    - debian/patches/CVE-2021-33193-pre1.patch: process early errors via a
      dummy HTTP/1.1 request as well in modules/http2/h2.h,
      modules/http2/h2_request.c, modules/http2/h2_session.c,
      modules/http2/h2_stream.c.
    - debian/patches/CVE-2021-33193-pre2.patch: sync with github standalone
      version 1.15.17 in modules/http2/h2_bucket_beam.c,
      modules/http2/h2_config.c, modules/http2/h2_config.h,
      modules/http2/h2_h2.c, modules/http2/h2_headers.c,
      modules/http2/h2_headers.h, modules/http2/h2_mplx.c,
      modules/http2/h2_request.c, modules/http2/h2_stream.h,
      modules/http2/h2_task.c, modules/http2/h2_task.h,
      modules/http2/h2_version.h.
    - debian/patches/CVE-2021-33193.patch: refactor request parsing in
      include/ap_mmn.h, include/http_core.h, include/http_protocol.h,
      include/http_vhost.h, modules/http2/h2_request.c, server/core.c,
      server/core_filters.c, server/protocol.c, server/vhost.c.
    - CVE-2021-33193
  * SECURITY UPDATE: NULL deref via malformed requests
    - debian/patches/CVE-2021-34798.patch: add NULL check in
      server/scoreboard.c.
    - CVE-2021-34798
  * SECURITY UPDATE: DoS in mod_proxy_uwsgi
    - debian/patches/CVE-2021-36160.patch: fix PATH_INFO setting for
      generic worker in modules/proxy/mod_proxy_uwsgi.c.
    - CVE-2021-36160
  * SECURITY UPDATE: buffer overflow in ap_escape_quotes
    - debian/patches/CVE-2021-39275.patch: fix ap_escape_quotes
      substitution logic in server/util.c.
    - CVE-2021-39275
  * SECURITY UPDATE: arbitrary origin server via crafted request uri-path
    - debian/patches/CVE-2021-40438-pre1.patch: faster unix socket path
      parsing in the "proxy:" URL in modules/proxy/mod_proxy.c,
      modules/proxy/proxy_util.c.
    - debian/patches/CVE-2021-40438.patch: add sanity checks on the
      configured UDS path in modules/proxy/proxy_util.c.
    - CVE-2021-40438

 -- Marc Deslauriers <email address hidden> Thu, 23 Sep 2021 12:58:57 -0400

CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. Th
CVE-2021-34798 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-36160 A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Ser
CVE-2021-39275 ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but t
CVE-2021-40438 A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP



About   -   Send Feedback to @ubuntu_updates