UbuntuUpdates.org

Package "apache2"

Name: apache2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Apache HTTP Server configurable suexec program for mod_suexec
  • Apache HTTP Server standard suexec program for mod_suexec
  • transitional package
  • transitional package
Latest version: 2.4.52-1ubuntu4.9
Release: jammy (22.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "apache2" in Jammy

Repository Area Version
base main 2.4.52-1ubuntu4
base universe 2.4.52-1ubuntu4
security main 2.4.52-1ubuntu4.9
security universe 2.4.52-1ubuntu4.9
updates main 2.4.52-1ubuntu4.9

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.4.52-1ubuntu4.9 2024-04-11 19:06:56 UTC

  apache2 (2.4.52-1ubuntu4.9) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP response splitting
    - debian/patches/CVE-2023-38709.patch: header validation after
      content-* are eval'ed in modules/http/http_filters.c.
    - CVE-2023-38709
  * SECURITY UPDATE: HTTP Response Splitting in multiple modules
    - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for
      non-http handlers in include/util_script.h,
      modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c,
      modules/generators/mod_cgid.c, modules/http/http_filters.c,
      modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c,
      modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c.
    - CVE-2024-24795
  * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless
    continuation frames
    - debian/patches/CVE-2024-27316.patch: bail after too many failed reads
      in modules/http2/h2_session.c, modules/http2/h2_stream.c,
      modules/http2/h2_stream.h.
    - CVE-2024-27316

 -- Marc Deslauriers <email address hidden> Wed, 10 Apr 2024 13:45:18 -0400
Source diff to previous version
CVE-2023-38709 Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects
CVE-2024-24795 HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applicat
CVE-2024-27316 HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client do

Version: 2.4.52-1ubuntu4.8 2024-03-13 09:06:55 UTC

  apache2 (2.4.52-1ubuntu4.8) jammy; urgency=medium

  * d/c/m/setenvif.conf, d/p/fix-dolphin-to-delete-webdav-dirs.patch: Add
    dolphin and Konqueror/5 careful redirection so that directories can be
    deleted via webdav.
    (LP: #1927742)

 -- Bryce Harrington <email address hidden> Tue, 16 Jan 2024 19:00:18 -0800
Source diff to previous version
1927742 dolphin in focal can't delete webdav directories running on focal's apache

Version: 2.4.52-1ubuntu4.7 2023-11-22 17:07:06 UTC

  apache2 (2.4.52-1ubuntu4.7) jammy-security; urgency=medium

  * SECURITY UPDATE: mod_macro buffer over-read
    - debian/patches/CVE-2023-31122.patch: fix length in
      modules/core/mod_macro.c.
    - CVE-2023-31122
  * SECURITY UPDATE: Multiple issues in HTTP/2
    - CVE-2023-43622: DoS in HTTP/2 with initial windows size 0
    - CVE-2023-45802: HTTP/2 stream memory not reclaimed right away on RST
    - debian/patches/update_http2.patch: backport version 2.0.22 of
      mod_http2 from httpd 2.4.58.
    - CVE-2023-43622
    - CVE-2023-45802

 -- Marc Deslauriers <email address hidden> Thu, 26 Oct 2023 09:44:44 -0400
Source diff to previous version

Version: 2.4.52-1ubuntu4.6 2023-08-02 14:07:20 UTC

  apache2 (2.4.52-1ubuntu4.6) jammy; urgency=medium

  * d/p/reenable-workers-in-standard-error-state-jammy-apache2.patch:
    fix issue with workers in apache2 which could not recover from its
    error state (LP: #2003189)

 -- Michal Maloszewski <email address hidden> Wed, 03 May 2023 22:02:51 +0200
Source diff to previous version
2003189 Passing health check does not recover worker from its error state

Version: 2.4.52-1ubuntu4.5 2023-04-27 15:11:17 UTC

  apache2 (2.4.52-1ubuntu4.5) jammy; urgency=medium

  * d/p/mod_proxy_hcheck_jammy_fix_to_detect_support.patch: Fix issue
    where enabling mod_proxy_hcheck results in error (LP: #1998311)

 -- Michal Maloszewski <email address hidden> Wed, 01 Mar 2023 23:43:55 +0100
1998311 mod_proxy_hcheck does not detect AJP/CPING support


About   -   Send Feedback to @ubuntu_updates