Format: 1.8 Date: Wed, 10 Apr 2024 13:46:26 -0400 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: riscv64 Version: 2.4.41-4ubuntu3.17 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.41-4ubuntu3.17) focal-security; urgency=medium . * SECURITY UPDATE: HTTP response splitting - debian/patches/CVE-2023-38709.patch: header validation after content-* are eval'ed in modules/http/http_filters.c. - CVE-2023-38709 * SECURITY UPDATE: HTTP Response Splitting in multiple modules - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http handlers in include/util_script.h, modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c, modules/generators/mod_cgid.c, modules/http/http_filters.c, modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c, modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c. - CVE-2024-24795 * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless continuation frames - debian/patches/CVE-2024-27316.patch: bail after too many failed reads in modules/http2/h2_session.c, modules/http2/h2_stream.c, modules/http2/h2_stream.h. - CVE-2024-27316 Checksums-Sha1: 82a6e4de62f451557e24b8c2a8dcc4d5c286b7a7 4793592 apache2-bin-dbgsym_2.4.41-4ubuntu3.17_riscv64.ddeb 1b61163fe0f45225ded14ca9aafbb4b22654eeb2 1006544 apache2-bin_2.4.41-4ubuntu3.17_riscv64.deb 20e3bd9c1874ceeb7bd85411754df7bec8144f44 179556 apache2-dev_2.4.41-4ubuntu3.17_riscv64.deb 403abf7ebb3631c79819109411dc73ffd3b023ff 3156 apache2-ssl-dev_2.4.41-4ubuntu3.17_riscv64.deb fa644a6cc6ee0d8dc31fe59a33bd818eb04bae96 12796 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.17_riscv64.ddeb 49232e583d2185341b8be05783a5aa1456807953 14744 apache2-suexec-custom_2.4.41-4ubuntu3.17_riscv64.deb 66225281d099a7b00ebaa465c1ad04c6199c2095 11632 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.17_riscv64.ddeb 5e226a5d29e7cc5eae9960391a80a895601aae49 13256 apache2-suexec-pristine_2.4.41-4ubuntu3.17_riscv64.deb 7a56f74d359fa693543ba8c83cb3d3655e152d7e 140168 apache2-utils-dbgsym_2.4.41-4ubuntu3.17_riscv64.ddeb e49fa6ea4ec4d4abde4fe7a437a644765e1a3a01 79804 apache2-utils_2.4.41-4ubuntu3.17_riscv64.deb 6a6876be222c479d60e3115b3784de85bdc05d3e 11886 apache2_2.4.41-4ubuntu3.17_riscv64.buildinfo c0833941120069f82f52c84feff09a14831467df 95524 apache2_2.4.41-4ubuntu3.17_riscv64.deb aea711a5c40d73f0466c0b11a700974c1443dbeb 992 libapache2-mod-md_2.4.41-4ubuntu3.17_riscv64.deb 4419fe2041e7b93d53f7a1e75671be2af6dad314 1184 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.17_riscv64.deb Checksums-Sha256: dd03401b5f669c192c244602beca72d203c0ba01e36a92c3703e46d9d41e1b42 4793592 apache2-bin-dbgsym_2.4.41-4ubuntu3.17_riscv64.ddeb 91b0c9e67cc39bcd798ee84130a61d7705f088fa92441df181cc65c5bd5d038f 1006544 apache2-bin_2.4.41-4ubuntu3.17_riscv64.deb 004ca8e10270a76fca8573ef59511f806e2e167a6faa46a6caf7ebe18f2909ba 179556 apache2-dev_2.4.41-4ubuntu3.17_riscv64.deb 211a044e185da1a2a4f9611c798cbfc5c296ce0de6d0e80a244a3b3525301417 3156 apache2-ssl-dev_2.4.41-4ubuntu3.17_riscv64.deb 5c66b86c16cf88469a177e3d551869f16a4190f41fcf942930b6437864c4f529 12796 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.17_riscv64.ddeb 3877b83cfa25db305e3c434fa1c565c8b7467a82ed2c7db45a607b2438680a79 14744 apache2-suexec-custom_2.4.41-4ubuntu3.17_riscv64.deb 94dc54e4d1261aa512e8f04af91e21ac065068ee9f2dc2a6b2d365a00783c794 11632 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.17_riscv64.ddeb e575d4bbe6631161efde27f4516fe319399d6520f27c6b0f3bf771aaea9f57ce 13256 apache2-suexec-pristine_2.4.41-4ubuntu3.17_riscv64.deb 1a5ac35bc7dae1468fb9c38401db7557611cc67a0a77294ff8aa941d77008e5e 140168 apache2-utils-dbgsym_2.4.41-4ubuntu3.17_riscv64.ddeb e786ec39d34060f913a3c490de2c88a4b0a4ca7a822a152067443a232f52df84 79804 apache2-utils_2.4.41-4ubuntu3.17_riscv64.deb 297da4264ed85e269d39736a6574debf8c13f6f485231d99c32b8baf0c0731b7 11886 apache2_2.4.41-4ubuntu3.17_riscv64.buildinfo d12728131a26e8059a129c386f0bd3def86b35b01f2f21465368a10fb899b6bd 95524 apache2_2.4.41-4ubuntu3.17_riscv64.deb 5d5c19cc600d2e67d383eb5423f45d9ad97f583ba513a4012d5a31385e0d61f0 992 libapache2-mod-md_2.4.41-4ubuntu3.17_riscv64.deb a90e57e909fb2e54700007db4a5b40a920d0fb386d18c55f89e7e94b99386bc0 1184 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.17_riscv64.deb Files: ea99f339c8dc6dfe3981fdceddbd21b7 4793592 debug optional apache2-bin-dbgsym_2.4.41-4ubuntu3.17_riscv64.ddeb 24c2d0abc733e10df5596691dc67629b 1006544 httpd optional apache2-bin_2.4.41-4ubuntu3.17_riscv64.deb 2cb810551febecc95403cf3f34031bf0 179556 httpd optional apache2-dev_2.4.41-4ubuntu3.17_riscv64.deb 403cff89a2087463f828629c65d81bf5 3156 httpd optional apache2-ssl-dev_2.4.41-4ubuntu3.17_riscv64.deb c3d8129c58b9983cb4f028cbe8aa4fe8 12796 debug optional apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.17_riscv64.ddeb d77ea3ad836f993c2018ac5f810ba261 14744 httpd optional apache2-suexec-custom_2.4.41-4ubuntu3.17_riscv64.deb 1069caa537cddb47ed1f03eefc627f85 11632 debug optional apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.17_riscv64.ddeb a5dfe3d3739d7c7085be5f5fda019395 13256 httpd optional apache2-suexec-pristine_2.4.41-4ubuntu3.17_riscv64.deb 283f94ccc83d494bcaee36219c3e5fff 140168 debug optional apache2-utils-dbgsym_2.4.41-4ubuntu3.17_riscv64.ddeb 2fbbb810bd5e532c8b3f94f0b066f059 79804 httpd optional apache2-utils_2.4.41-4ubuntu3.17_riscv64.deb 5ba1e2b2378cbd8ade998a846d2fe231 11886 httpd optional apache2_2.4.41-4ubuntu3.17_riscv64.buildinfo 634456c9dcbc7921a176f9fe189ef8b6 95524 httpd optional apache2_2.4.41-4ubuntu3.17_riscv64.deb 3ff35450d0795eb721830cc778acdec0 992 oldlibs optional libapache2-mod-md_2.4.41-4ubuntu3.17_riscv64.deb 5567e645aae0758521d95a970f34995c 1184 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.17_riscv64.deb Original-Maintainer: Debian Apache Maintainers