Publishing details
Changelog
apache2 (2.4.52-1ubuntu4.9) jammy-security; urgency=medium
* SECURITY UPDATE: HTTP response splitting
- debian/patches/CVE-2023-38709.patch: header validation after
content-* are eval'ed in modules/http/http_filters.c.
- CVE-2023-38709
* SECURITY UPDATE: HTTP Response Splitting in multiple modules
- debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for
non-http handlers in include/util_script.h,
modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c,
modules/generators/mod_cgid.c, modules/http/http_filters.c,
modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c,
modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c.
- CVE-2024-24795
* SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless
continuation frames
- debian/patches/CVE-2024-27316.patch: bail after too many failed reads
in modules/http2/h2_session.c, modules/http2/h2_stream.c,
modules/http2/h2_stream.h.
- CVE-2024-27316
-- Marc Deslauriers <email address hidden> Wed, 10 Apr 2024 13:45:18 -0400
Builds
Built packages
-
apache2
Apache HTTP Server
-
apache2-bin
Apache HTTP Server (modules and other binary files)
-
apache2-bin-dbgsym
debug symbols for apache2-bin
-
apache2-data
Apache HTTP Server (common files)
-
apache2-dev
Apache HTTP Server (development headers)
-
apache2-doc
Apache HTTP Server (on-site documentation)
-
apache2-ssl-dev
Apache HTTP Server (mod_ssl development headers)
-
apache2-suexec-custom
Apache HTTP Server configurable suexec program for mod_suexec
-
apache2-suexec-custom-dbgsym
debug symbols for apache2-suexec-custom
-
apache2-suexec-pristine
Apache HTTP Server standard suexec program for mod_suexec
-
apache2-suexec-pristine-dbgsym
debug symbols for apache2-suexec-pristine
-
apache2-utils
Apache HTTP Server (utility programs for web servers)
-
apache2-utils-dbgsym
debug symbols for apache2-utils
-
libapache2-mod-md
transitional package
-
libapache2-mod-proxy-uwsgi
transitional package
Package files