Format: 1.8 Date: Wed, 05 Jan 2022 09:49:56 -0500 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: arm64 Version: 2.4.41-4ubuntu3.9 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.41-4ubuntu3.9) focal-security; urgency=medium . * SECURITY UPDATE: DoS or SSRF via forward proxy - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname in include/http_protocol.h, modules/http/http_request.c, modules/http2/h2_request.c, modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c, server/protocol.c. - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs w/ no hostname in modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c. - CVE-2021-44224 * SECURITY UPDATE: overflow in mod_lua multipart parser - debian/patches/CVE-2021-44790.patch: improve error handling in modules/lua/lua_request.c. - CVE-2021-44790 Checksums-Sha1: b94192293d744af139ed98c98b165d4eb65579d5 4832660 apache2-bin-dbgsym_2.4.41-4ubuntu3.9_arm64.ddeb 7e18a3cee306316a2991b8fbed6d96be4f6a604a 1075160 apache2-bin_2.4.41-4ubuntu3.9_arm64.deb 4bdf850d7c16847f0f6174a139e80769b8f03ea0 179368 apache2-dev_2.4.41-4ubuntu3.9_arm64.deb 4aa61db3bf2a9c547e3377d63140bc06d7f949f4 3156 apache2-ssl-dev_2.4.41-4ubuntu3.9_arm64.deb 8a428b200262793c7da5bbd0ab60ee92195ec0c4 12988 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.9_arm64.ddeb 67b73483d2282c3ae94e3fb75ea23fd7f4235c7c 15188 apache2-suexec-custom_2.4.41-4ubuntu3.9_arm64.deb 8cfa7a73a46b6dadb6357661a4977831700301a5 11844 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.9_arm64.ddeb 006df1443bf800f18f4ed1ee0fe8410affadd18b 13720 apache2-suexec-pristine_2.4.41-4ubuntu3.9_arm64.deb 2b4f8dbe2ae76213ad4b1e93e5431fa56950e1b3 140948 apache2-utils-dbgsym_2.4.41-4ubuntu3.9_arm64.ddeb 6c246bc2eced0d01ee022ae6fbc9f5209d395cf6 81296 apache2-utils_2.4.41-4ubuntu3.9_arm64.deb a61b1e7f1c8e96521e2ba886302b3826efa12e90 11798 apache2_2.4.41-4ubuntu3.9_arm64.buildinfo 12a6fd4ad4e48dd4772b5760a7a34ebbf25b57b9 95532 apache2_2.4.41-4ubuntu3.9_arm64.deb c90b96cd102f724efe6ffcc105697c69d3f4badc 988 libapache2-mod-md_2.4.41-4ubuntu3.9_arm64.deb 55d21a827eab9b43d368282967f57782241dbd28 1180 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.9_arm64.deb Checksums-Sha256: 3c62024700495b7f8a1f37cb29040df0f982c85738f67621d18f43b3ee76d848 4832660 apache2-bin-dbgsym_2.4.41-4ubuntu3.9_arm64.ddeb 1539a1bf8b1e68f369bffa0e941ac564d02edbaf1c230afb6b57be492d31c1f4 1075160 apache2-bin_2.4.41-4ubuntu3.9_arm64.deb 41376cfeae509669805464dc0941a80fdb230c8739af8099ff541643de99633e 179368 apache2-dev_2.4.41-4ubuntu3.9_arm64.deb 1416df1df79b4a1335aff335e197624ca005daaa39798067685de9142b74adf7 3156 apache2-ssl-dev_2.4.41-4ubuntu3.9_arm64.deb d3cdbca4454b0b87080577fd75cde490d1edb3bda4ed1d4fc8ed3d170d3902c8 12988 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.9_arm64.ddeb 1ba575b5559331ca97eb78963080d37a7c40111248ec985e54b499df1b0befd6 15188 apache2-suexec-custom_2.4.41-4ubuntu3.9_arm64.deb ba48628dd9f5f835b8a041d4d56ed8659244e1556d2abc196ac66996fa410c34 11844 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.9_arm64.ddeb 78e7031bbbebc72001b41edcf28d4e6a2a3162cb1e48245276589abf92e40a84 13720 apache2-suexec-pristine_2.4.41-4ubuntu3.9_arm64.deb 8442b883fd08ef700fc36e5c7f3207f81da1c66857942cbac1ef0d1efdbef425 140948 apache2-utils-dbgsym_2.4.41-4ubuntu3.9_arm64.ddeb 1e2e3af3af69e808d2122d1ecfbf87087601d66c53908d5ed89bdc742514de25 81296 apache2-utils_2.4.41-4ubuntu3.9_arm64.deb aaf72d24bc9a2543ac85824ad98e28bb62843b74e6c94542ce1a1304cbba60ba 11798 apache2_2.4.41-4ubuntu3.9_arm64.buildinfo 60eeb38d6fe73ef3b8caccf9668ec55330a64751ef925df3a57c9d21139f7fbd 95532 apache2_2.4.41-4ubuntu3.9_arm64.deb 81cc479765e50eb06491c669d55ac210a77e65f555b8775ee2332c525bdc1237 988 libapache2-mod-md_2.4.41-4ubuntu3.9_arm64.deb 05536d25b908db24b91f92caec19114a313e6480d5cc3a04958ea81ceef363f8 1180 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.9_arm64.deb Files: 1af0f5ff2173e3fed80964079020a603 4832660 debug optional apache2-bin-dbgsym_2.4.41-4ubuntu3.9_arm64.ddeb 35cae8356f7a5dfbce34d5653babdadc 1075160 httpd optional apache2-bin_2.4.41-4ubuntu3.9_arm64.deb 3f515150cdb9e907eb61b58c66772b3b 179368 httpd optional apache2-dev_2.4.41-4ubuntu3.9_arm64.deb d5f4e2753d7b81d5ade28baa25170820 3156 httpd optional apache2-ssl-dev_2.4.41-4ubuntu3.9_arm64.deb 90d047ebcd396373328f51adc0d8a5a0 12988 debug optional apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.9_arm64.ddeb 957ba9e15c2c936eb2fece8a4eaada63 15188 httpd optional apache2-suexec-custom_2.4.41-4ubuntu3.9_arm64.deb d48c153e79e3785ced953f56df349f9f 11844 debug optional apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.9_arm64.ddeb 65311402d408a9908b5827e8d08c9181 13720 httpd optional apache2-suexec-pristine_2.4.41-4ubuntu3.9_arm64.deb 6a97180f3630c26d74084880dea58bdc 140948 debug optional apache2-utils-dbgsym_2.4.41-4ubuntu3.9_arm64.ddeb fff7f0cf8a9a6ce5d361bd568c5f041c 81296 httpd optional apache2-utils_2.4.41-4ubuntu3.9_arm64.deb ed30f641690e35241982d8644192110d 11798 httpd optional apache2_2.4.41-4ubuntu3.9_arm64.buildinfo 24fdbbb99e13a15c4d91c78c85b7dcb0 95532 httpd optional apache2_2.4.41-4ubuntu3.9_arm64.deb cc5e6ac4055a56a4cc339ca75b9833c3 988 oldlibs optional libapache2-mod-md_2.4.41-4ubuntu3.9_arm64.deb 7bbebbaaff1e2ffd9341171149b93a25 1180 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.9_arm64.deb Original-Maintainer: Debian Apache Maintainers