apache2 2.4.29-1ubuntu4.16 source package in Ubuntu

Changelog

apache2 (2.4.29-1ubuntu4.16) bionic-security; urgency=medium

  * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
    - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
      base64 to fail early if the format can't match anyway in
      modules/aaa/mod_auth_digest.c.
    - CVE-2020-35452
  * SECURITY UPDATE: DoS via cookie header in mod_session
    - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
      session_identity_decode() in modules/session/mod_session.c.
    - CVE-2021-26690
  * SECURITY UPDATE: heap overflow via SessionHeader
    - debian/patches/CVE-2021-26691.patch: account for the '&' in
      identity_concat() in modules/session/mod_session.c.
    - CVE-2021-26691
  * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
    - debian/patches/CVE-2021-30641.patch: change default behavior in
      server/request.c.
    - CVE-2021-30641
  * This update does _not_ include the changes from 2.4.29-1ubuntu4.15 in
    bionic-proposed.

 -- Marc Deslauriers <email address hidden>  Fri, 18 Jun 2021 07:06:22 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
httpd
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates main web
Bionic security main web

Downloads

File Size SHA-256 Checksum
apache2_2.4.29.orig.tar.gz 8.2 MiB 948e4a11278a5954698b880b30f401b1e9ab743713ee2c7280a54dd4ddd87085
apache2_2.4.29-1ubuntu4.16.debian.tar.xz 824.5 KiB 8a51be5333ccc4a37ac4e9e6f64afed0811230eeee8f32b29d1933ba58a0955f
apache2_2.4.29-1ubuntu4.16.dsc 3.1 KiB 447766893c4c3ffe4e5da0a2a7012b048637ada0d53973d53473fb5a5437fcb9

View changes file

Binary packages built by this source

apache2: Apache HTTP Server

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 Installing this package results in a full installation, including the
 configuration files, init scripts and support scripts.

apache2-bin: Apache HTTP Server (modules and other binary files)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package contains the binaries only and does not set up a working
 web-server instance. Install the "apache2" package to get a fully working
 instance.

apache2-data: Apache HTTP Server (common files)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package contains architecture-independent common files such as icons,
 error pages and static index files.

apache2-dbg: Apache debugging symbols

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package includes the debugging symbols. It can be used to debug
 crashing server instances and modules. See
 /usr/share/doc/apache2/README.backtrace for more information.

apache2-dev: Apache HTTP Server (development headers)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package provides development headers and the apxs2 binary for the Apache
 2 HTTP server, useful to develop and link third party additions to the Debian
 Apache HTTP server package.
 .
 It also provides dh_apache2 and dh sequence addons useful to install various
 Debian Apache2 extensions with debhelper. It supports
  - Apache 2 module configurations and shared objects
  - Site configuration files
  - Global configuration files

apache2-doc: Apache HTTP Server (on-site documentation)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package provides the documentation for the Apache 2 HTTP server. The
 documentation is shipped in HTML format and can be accessed from a local
 running Apache HTTP server instance or by browsing the file system directly.

apache2-ssl-dev: Apache HTTP Server (mod_ssl development headers)

 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package provides the development header and the dependencies for
 modules that interact with mod_ssl's internal openssl state.

apache2-suexec-custom: Apache HTTP Server configurable suexec program for mod_suexec

 Provides a customizable version of the suexec helper program for mod_suexec.
 This is not the version from upstream, but can be configured with a
 configuration file.
 .
 If you do not need non-standard document root or userdir settings, it is
 recommended that you use the standard suexec helper program from the
 apache2-suexec-pristine package instead.

apache2-suexec-pristine: Apache HTTP Server standard suexec program for mod_suexec

 Provides the standard suexec helper program for mod_suexec. This version is
 compiled with document root /var/www and userdir suffix public_html. If you
 need different settings, use the package apache2-suexec-custom.

apache2-utils: Apache HTTP Server (utility programs for web servers)

 Provides some add-on programs useful for any web server. These include:
  - ab (Apache benchmark tool)
  - fcgistarter (Start a FastCGI program)
  - logresolve (Resolve IP addresses to hostnames in logfiles)
  - htpasswd (Manipulate basic authentication files)
  - htdigest (Manipulate digest authentication files)
  - htdbm (Manipulate basic authentication files in DBM format, using APR)
  - htcacheclean (Clean up the disk cache)
  - rotatelogs (Periodically stop writing to a logfile and open a new one)
  - split-logfile (Split a single log including multiple vhosts)
  - checkgid (Checks whether the caller can setgid to the specified group)
  - check_forensic (Extract mod_log_forensic output from Apache log files)
  - httxt2dbm (Generate dbm files for use with RewriteMap)