UbuntuUpdates.org

Package "apache2"

Name: apache2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Apache HTTP Server configurable suexec program for mod_suexec
  • Apache HTTP Server standard suexec program for mod_suexec
  • transitional package
  • transitional package

Latest version: 2.4.48-3.1ubuntu3.2
Release: impish (21.10)
Level: updates
Repository: universe

Links



Other versions of "apache2" in Impish

Repository Area Version
base main 2.4.48-3.1ubuntu3
base universe 2.4.48-3.1ubuntu3
security main 2.4.48-3.1ubuntu3.2
security universe 2.4.48-3.1ubuntu3.2
updates main 2.4.48-3.1ubuntu3.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.4.48-3.1ubuntu3.2 2022-01-06 17:06:43 UTC

  apache2 (2.4.48-3.1ubuntu3.2) impish-security; urgency=medium

  * SECURITY UPDATE: DoS or SSRF via forward proxy
    - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified
      uri-paths not to be forward-proxied have an http(s) scheme, and that
      the ones to be forward proxied have a hostname in
      include/http_protocol.h, modules/http/http_request.c,
      modules/http2/h2_request.c, modules/proxy/mod_proxy.c,
      modules/proxy/proxy_util.c, server/protocol.c.
    - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs
      w/ no hostname in modules/proxy/mod_proxy.c,
      modules/proxy/proxy_util.c.
    - CVE-2021-44224
  * SECURITY UPDATE: overflow in mod_lua multipart parser
    - debian/patches/CVE-2021-44790.patch: improve error handling in
      modules/lua/lua_request.c.
    - CVE-2021-44790

 -- Marc Deslauriers <email address hidden> Wed, 05 Jan 2022 09:29:15 -0500

Source diff to previous version
CVE-2021-44224 A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixi
CVE-2021-44790 A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache http

Version: 2.4.48-3.1ubuntu3.1 2021-12-02 17:06:24 UTC

  apache2 (2.4.48-3.1ubuntu3.1) impish; urgency=medium

  * Revert fix from 2.4.46-1ubuntu2, due to performance regression.
    (LP 1832182)

 -- Bryce Harrington <email address hidden> Sun, 14 Nov 2021 23:49:31 +0000




About   -   Send Feedback to @ubuntu_updates