UbuntuUpdates.org

Package "apache2-suexec-custom"

Name: apache2-suexec-custom

Description:

Apache HTTP Server configurable suexec program for mod_suexec

Latest version: 2.4.52-1ubuntu4.8
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: apache2
Homepage: https://httpd.apache.org/

Links


Download "apache2-suexec-custom"


Other versions of "apache2-suexec-custom" in Jammy

Repository Area Version
base universe 2.4.52-1ubuntu4
security universe 2.4.52-1ubuntu4.7

Changelog

Version: 2.4.52-1ubuntu4.8 2024-03-13 09:06:55 UTC

  apache2 (2.4.52-1ubuntu4.8) jammy; urgency=medium

  * d/c/m/setenvif.conf, d/p/fix-dolphin-to-delete-webdav-dirs.patch: Add
    dolphin and Konqueror/5 careful redirection so that directories can be
    deleted via webdav.
    (LP: #1927742)

 -- Bryce Harrington <email address hidden> Tue, 16 Jan 2024 19:00:18 -0800

Source diff to previous version
1927742 dolphin in focal can't delete webdav directories running on focal's apache

Version: 2.4.52-1ubuntu4.7 2023-11-22 17:07:06 UTC

  apache2 (2.4.52-1ubuntu4.7) jammy-security; urgency=medium

  * SECURITY UPDATE: mod_macro buffer over-read
    - debian/patches/CVE-2023-31122.patch: fix length in
      modules/core/mod_macro.c.
    - CVE-2023-31122
  * SECURITY UPDATE: Multiple issues in HTTP/2
    - CVE-2023-43622: DoS in HTTP/2 with initial windows size 0
    - CVE-2023-45802: HTTP/2 stream memory not reclaimed right away on RST
    - debian/patches/update_http2.patch: backport version 2.0.22 of
      mod_http2 from httpd 2.4.58.
    - CVE-2023-43622
    - CVE-2023-45802

 -- Marc Deslauriers <email address hidden> Thu, 26 Oct 2023 09:44:44 -0400

Source diff to previous version

Version: 2.4.52-1ubuntu4.6 2023-08-02 14:07:20 UTC

  apache2 (2.4.52-1ubuntu4.6) jammy; urgency=medium

  * d/p/reenable-workers-in-standard-error-state-jammy-apache2.patch:
    fix issue with workers in apache2 which could not recover from its
    error state (LP: #2003189)

 -- Michal Maloszewski <email address hidden> Wed, 03 May 2023 22:02:51 +0200

Source diff to previous version
2003189 Passing health check does not recover worker from its error state

Version: 2.4.52-1ubuntu4.5 2023-04-27 15:11:17 UTC

  apache2 (2.4.52-1ubuntu4.5) jammy; urgency=medium

  * d/p/mod_proxy_hcheck_jammy_fix_to_detect_support.patch: Fix issue
    where enabling mod_proxy_hcheck results in error (LP: #1998311)

 -- Michal Maloszewski <email address hidden> Wed, 01 Mar 2023 23:43:55 +0100

Source diff to previous version
1998311 mod_proxy_hcheck does not detect AJP/CPING support

Version: 2.4.52-1ubuntu4.4 2023-03-09 17:07:03 UTC

  apache2 (2.4.52-1ubuntu4.4) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP request splitting with mod_rewrite and mod_proxy
    - debian/patches/CVE-2023-25690-1.patch: don't forward invalid query
      strings in modules/http2/mod_proxy_http2.c,
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy_ajp.c,
      modules/proxy/mod_proxy_balancer.c, modules/proxy/mod_proxy_http.c,
      modules/proxy/mod_proxy_wstunnel.c.
    - debian/patches/CVE-2023-25690-2.patch: Fix missing APLOGNO in
      modules/http2/mod_proxy_http2.c.
    - CVE-2023-25690
  * SECURITY UPDATE: mod_proxy_uwsgi HTTP response splitting
    - debian/patches/CVE-2023-27522.patch: stricter backend HTTP response
      parsing/validation in modules/proxy/mod_proxy_uwsgi.c.
    - CVE-2023-27522

 -- Marc Deslauriers <email address hidden> Wed, 08 Mar 2023 12:32:01 -0500

CVE-2023-25690 Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected
CVE-2023-27522 HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. S



About   -   Send Feedback to @ubuntu_updates