Format: 1.8 Date: Wed, 05 Jan 2022 09:50:41 -0500 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: arm64 Version: 2.4.29-1ubuntu4.21 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.29-1ubuntu4.21) bionic-security; urgency=medium . * SECURITY UPDATE: DoS or SSRF via forward proxy - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname in include/http_protocol.h, modules/http/http_request.c, modules/http2/h2_request.c, modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c, server/protocol.c. - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs w/ no hostname in modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c. - CVE-2021-44224 * SECURITY UPDATE: overflow in mod_lua multipart parser - debian/patches/CVE-2021-44790.patch: improve error handling in modules/lua/lua_request.c. - CVE-2021-44790 Checksums-Sha1: 7566ddbd89e59ab8078c6c86c46786b7c5220cf7 903216 apache2-bin_2.4.29-1ubuntu4.21_arm64.deb 8e782580bf2711f43957e5f121a137879e5ec7b4 4111736 apache2-dbg_2.4.29-1ubuntu4.21_arm64.deb 0f3b15d5dd86ca5a8289dab63e64711a426b508c 177676 apache2-dev_2.4.29-1ubuntu4.21_arm64.deb 4f9a2fe9fa0e04f324692b224d072d0320af2dce 2392 apache2-ssl-dev_2.4.29-1ubuntu4.21_arm64.deb 05642f2dfba6ed638e8c6e390bd552f42568d063 14868 apache2-suexec-custom_2.4.29-1ubuntu4.21_arm64.deb 4ac7e9cc51566f378629d6c34d143545f2585cd8 13376 apache2-suexec-pristine_2.4.29-1ubuntu4.21_arm64.deb b5a6b36bfb7dd6c4b39d241757362dae2ba608a9 78284 apache2-utils_2.4.29-1ubuntu4.21_arm64.deb 599cfb9626df3915718880b174f6d753885f04d2 10211 apache2_2.4.29-1ubuntu4.21_arm64.buildinfo 645ba7914ec7edbd20894c38e4115335f35181db 95148 apache2_2.4.29-1ubuntu4.21_arm64.deb Checksums-Sha256: a588b7fc51fd42555bb6a15fea5f8059aea63d43e93e1909d447665effb04c0b 903216 apache2-bin_2.4.29-1ubuntu4.21_arm64.deb 16ca1e6c0f436c910a2f1d8f053c18c32783b63678558cfb8d99ec737cf8920e 4111736 apache2-dbg_2.4.29-1ubuntu4.21_arm64.deb 72496ddd7cd90dd3297f34b53873fa88cc56cf64a99a8943ec7238ebb35fa950 177676 apache2-dev_2.4.29-1ubuntu4.21_arm64.deb 7503fd4cc60e32412bf906abafeaca48eb7e7789e759d3bdf9b7fbd9c7f91531 2392 apache2-ssl-dev_2.4.29-1ubuntu4.21_arm64.deb f3bca60cfb044a6641cc1a24c69c08b06413aa5ae5dd86905dc65f6264758679 14868 apache2-suexec-custom_2.4.29-1ubuntu4.21_arm64.deb 4e06118f1d30080ddd1cc94732afa77d2187f061e58e8f52416d50a80af9b5e4 13376 apache2-suexec-pristine_2.4.29-1ubuntu4.21_arm64.deb 68e5375b0ba93dc50e547c0c55915f0d7fe082bac5708b7c280ac8b2aec80e46 78284 apache2-utils_2.4.29-1ubuntu4.21_arm64.deb c7d7ca289e7c36d8eafb60761da7f64c86cbac1180f2b8205b1eb17171b2f73d 10211 apache2_2.4.29-1ubuntu4.21_arm64.buildinfo 0266c222376da282e435a79914a0cb2e76afdc2fce88f58969f29bd2119b79d8 95148 apache2_2.4.29-1ubuntu4.21_arm64.deb Files: fe02577d699fb35557839fcf9103988a 903216 httpd optional apache2-bin_2.4.29-1ubuntu4.21_arm64.deb 662ad81a981d5fdfba37663306daed26 4111736 debug optional apache2-dbg_2.4.29-1ubuntu4.21_arm64.deb 6ec5292697092b3426020dd7798d4319 177676 httpd optional apache2-dev_2.4.29-1ubuntu4.21_arm64.deb dd29130585fec385573d46be8c696536 2392 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.21_arm64.deb ab997338cc1de1ee20a274e5081fef71 14868 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.21_arm64.deb 7fc257bfd85ce82cec2c8e4896b9214c 13376 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.21_arm64.deb 1dd7649301f409411cdf655b22cc503b 78284 httpd optional apache2-utils_2.4.29-1ubuntu4.21_arm64.deb b9cd92157c7288cff1a5dcd874d01419 10211 httpd optional apache2_2.4.29-1ubuntu4.21_arm64.buildinfo 263ad19cf4a059721adf7e0cd078fa5c 95148 httpd optional apache2_2.4.29-1ubuntu4.21_arm64.deb Original-Maintainer: Debian Apache Maintainers