Package "libapache2-mod-proxy-uwsgi"

Name: libapache2-mod-proxy-uwsgi


transitional package

Latest version: 2.4.52-1ubuntu4.1
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: apache2
Homepage: https://httpd.apache.org/


Download "libapache2-mod-proxy-uwsgi"

Other versions of "libapache2-mod-proxy-uwsgi" in Jammy

Repository Area Version
base universe 2.4.52-1ubuntu4
security universe 2.4.52-1ubuntu4.1


Version: 2.4.52-1ubuntu4.1 2022-06-21 16:06:34 UTC

  apache2 (2.4.52-1ubuntu4.1) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP Request Smuggling
    - debian/patches/CVE-2022-26377.patch: changing
      precedence between T-E and C-L in modules/proxy/mod_proxy_ajp.c.
    - CVE-2022-26377
  * SECURITY UPDATE: Read beyond bounds
    - debian/patches/CVE-2022-28614.patch: handle large
      writes in ap_rputs.
      in server/util.c.
    - CVE-2022-28614
  * SECURITY UPDATE: Read beyond bounds
    - debian/patches/CVE-2022-28615.patch: fix types
      in server/util.c.
    - CVE-2022-28615
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-29404.patch: cast first
      in modules/lua/lua_request.c.
    - CVE-2022-29404
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-30522.patch: limit mod_sed
      memory use in modules/filters/mod_sec.c,
    - CVE-2022-30522
  * SECURITY UPDATE: Returning point past of the buffer
    - debian/patches/CVE-2022-30556.patch: use filters consitently
      in modules/lua/lua_request.c.
    - CVE-2022-30556
  * SECURITY UPDATE: Bypass IP authentication
    - debian/patches/CVE-2022-31813.patch: to clear
      hop-by-hop first and fixup last in modules/proxy/proxy_util.c.
    - CVE-2022-31813

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 14 Jun 2022 09:30:21 -0300

CVE-2022-26377 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to sm
CVE-2022-28614 The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very larg
CVE-2022-28615 Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extrem
CVE-2022-29404 In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no defau
CVE-2022-30522 If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may m
CVE-2022-30556 Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the
CVE-2022-31813 Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop m

About   -   Send Feedback to @ubuntu_updates