Format: 1.8
Date: Fri, 18 Jun 2021 07:06:22 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: armhf
Version: 2.4.29-1ubuntu4.16
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 apache2 - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.29-1ubuntu4.16) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
     - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
       base64 to fail early if the format can't match anyway in
       modules/aaa/mod_auth_digest.c.
     - CVE-2020-35452
   * SECURITY UPDATE: DoS via cookie header in mod_session
     - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
       session_identity_decode() in modules/session/mod_session.c.
     - CVE-2021-26690
   * SECURITY UPDATE: heap overflow via SessionHeader
     - debian/patches/CVE-2021-26691.patch: account for the '&' in
       identity_concat() in modules/session/mod_session.c.
     - CVE-2021-26691
   * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
     - debian/patches/CVE-2021-30641.patch: change default behavior in
       server/request.c.
     - CVE-2021-30641
   * This update does _not_ include the changes from 2.4.29-1ubuntu4.15 in
     bionic-proposed.
Original-Maintainer: Debian Apache Maintainers