Format: 1.8 Date: Fri, 18 Jun 2021 07:06:22 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: s390x Version: 2.4.29-1ubuntu4.16 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.29-1ubuntu4.16) bionic-security; urgency=medium . * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's base64 to fail early if the format can't match anyway in modules/aaa/mod_auth_digest.c. - CVE-2020-35452 * SECURITY UPDATE: DoS via cookie header in mod_session - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in session_identity_decode() in modules/session/mod_session.c. - CVE-2021-26690 * SECURITY UPDATE: heap overflow via SessionHeader - debian/patches/CVE-2021-26691.patch: account for the '&' in identity_concat() in modules/session/mod_session.c. - CVE-2021-26691 * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF' - debian/patches/CVE-2021-30641.patch: change default behavior in server/request.c. - CVE-2021-30641 * This update does _not_ include the changes from 2.4.29-1ubuntu4.15 in bionic-proposed. Checksums-Sha1: 0c696d2cfbc4858b4a5118ce686377e26c8df53a 977820 apache2-bin_2.4.29-1ubuntu4.16_s390x.deb 13d755a7e4109693a0e7b6793f38bbd8f508e57c 4073492 apache2-dbg_2.4.29-1ubuntu4.16_s390x.deb 69d23f7a8f295eb980af4b262d0712b705d633c5 177636 apache2-dev_2.4.29-1ubuntu4.16_s390x.deb 150187b86bcc120502df294b27e99e9ec84acf70 2396 apache2-ssl-dev_2.4.29-1ubuntu4.16_s390x.deb 38a535bf1a1d4b6906c414cbbd546c8554286d1b 15084 apache2-suexec-custom_2.4.29-1ubuntu4.16_s390x.deb bab9706a79328f80bac3595ed5948d8ac2c8d98b 13588 apache2-suexec-pristine_2.4.29-1ubuntu4.16_s390x.deb e8fcfebf0c5b15b31255fd3b30e63fc58080a335 81780 apache2-utils_2.4.29-1ubuntu4.16_s390x.deb 6e98118ac5fefb7ae68b24e94ffe9c28295e6fcb 10135 apache2_2.4.29-1ubuntu4.16_s390x.buildinfo efdd0cd1d11e5b7eae8f0fefa2d55b56cf0e03ad 95092 apache2_2.4.29-1ubuntu4.16_s390x.deb Checksums-Sha256: c031ff6bea542879caa194b02524046d04477e21b87c762f6878ec514f93b33a 977820 apache2-bin_2.4.29-1ubuntu4.16_s390x.deb a02c1f1a39cf6a79cccc11fca1f5db3bd8c2aee519a99be7ae08e347ea681c35 4073492 apache2-dbg_2.4.29-1ubuntu4.16_s390x.deb 1618e7a808f1e43d78160fb3911d185169221ec07819009f531039373f30cca2 177636 apache2-dev_2.4.29-1ubuntu4.16_s390x.deb dec90a50c0c3b08fcf1133999f3fd253f1fd0cb22e5d5271167869ca27e8dae8 2396 apache2-ssl-dev_2.4.29-1ubuntu4.16_s390x.deb 8ff4402f57d12d70d41dd0a58e57bbf3b4b70111a56b068cc1aa950758d6a866 15084 apache2-suexec-custom_2.4.29-1ubuntu4.16_s390x.deb 48ee103fc91bb06ae269e6bf630070aa06ecd6c6c3bab1ac6636830efb7174e6 13588 apache2-suexec-pristine_2.4.29-1ubuntu4.16_s390x.deb 3480d66326ac60435ce66109c239622f54f872de7018288be1ba8ed0be5f77ac 81780 apache2-utils_2.4.29-1ubuntu4.16_s390x.deb 3b8336b1ad869bf836d585d98816d8ca051b94cd4dbde13672234490330c17b0 10135 apache2_2.4.29-1ubuntu4.16_s390x.buildinfo 93915f3bde64d91c107f6c7d0fa9f4e8a2e796b42445a24f8a70cb8cffd6621e 95092 apache2_2.4.29-1ubuntu4.16_s390x.deb Files: 557d43e0165c679615ecc7279f6af5d2 977820 httpd optional apache2-bin_2.4.29-1ubuntu4.16_s390x.deb 664d9a7352a5c7251f5eac675098142e 4073492 debug optional apache2-dbg_2.4.29-1ubuntu4.16_s390x.deb a66dce2bd658cd19ebe5001851cd4d77 177636 httpd optional apache2-dev_2.4.29-1ubuntu4.16_s390x.deb 1c22f607bd504dc3f6377774b55914fe 2396 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.16_s390x.deb 0ab9c7ea47696f445706060013a2acd0 15084 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.16_s390x.deb ea69f5e6dde652900d1b06e4404fdc2e 13588 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.16_s390x.deb 96450cc092bbfd4dd9ac86bd31b33fc0 81780 httpd optional apache2-utils_2.4.29-1ubuntu4.16_s390x.deb 26af3d02d57ff410ff6763f06afc2b33 10135 httpd optional apache2_2.4.29-1ubuntu4.16_s390x.buildinfo 424e453d380d9f73a076e790147ede60 95092 httpd optional apache2_2.4.29-1ubuntu4.16_s390x.deb Original-Maintainer: Debian Apache Maintainers