Format: 1.8 Date: Thu, 18 Apr 2024 11:13:41 -0400 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: arm64 Version: 2.4.58-1ubuntu8.1 Distribution: noble Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.58-1ubuntu8.1) noble-security; urgency=medium . * SECURITY UPDATE: HTTP response splitting - debian/patches/CVE-2023-38709.patch: header validation after content-* are eval'ed in modules/http/http_filters.c. - CVE-2023-38709 * SECURITY UPDATE: HTTP Response Splitting in multiple modules - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http handlers in include/util_script.h, modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c, modules/generators/mod_cgid.c, modules/http/http_filters.c, modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c, modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c. - CVE-2024-24795 * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless continuation frames - debian/patches/CVE-2024-27316.patch: bail after too many failed reads in modules/http2/h2_session.c, modules/http2/h2_stream.c, modules/http2/h2_stream.h. - CVE-2024-27316 Checksums-Sha1: 1617478e44c1564d2e78fde112e3881513535e9c 3460744 apache2-bin-dbgsym_2.4.58-1ubuntu8.1_arm64.ddeb 485f9f94252e684cb78c5060ba38dd579904b369 1316954 apache2-bin_2.4.58-1ubuntu8.1_arm64.deb a45d6ccf804b8e9f9388076c34a3f59e341f0c2e 199244 apache2-dev_2.4.58-1ubuntu8.1_arm64.deb 225fb4138e0e9b9bc01328015f1fcd5a5e5907e1 2982 apache2-ssl-dev_2.4.58-1ubuntu8.1_arm64.deb 6a22ee3bf79a7e93ae3a6b27a3c1bdad37c0f99d 12706 apache2-suexec-custom-dbgsym_2.4.58-1ubuntu8.1_arm64.ddeb 41ebc0ce857f53e00b070a4245946d32a912b2d9 15862 apache2-suexec-custom_2.4.58-1ubuntu8.1_arm64.deb c7e1e8a4aa34b8c5dfd1952a852ae3717efab205 11512 apache2-suexec-pristine-dbgsym_2.4.58-1ubuntu8.1_arm64.ddeb 1676890aba36a2a281926c9567d25b02b4e09455 14334 apache2-suexec-pristine_2.4.58-1ubuntu8.1_arm64.deb e07e4d29a554fa80b239e50b6ef424ab06fcb6b3 119830 apache2-utils-dbgsym_2.4.58-1ubuntu8.1_arm64.ddeb ed6254f7a3ccf76a98f290e5db275bd78795f2b6 95492 apache2-utils_2.4.58-1ubuntu8.1_arm64.deb 234a26da2d0d600b90d433c70f86286e488e4c05 12148 apache2_2.4.58-1ubuntu8.1_arm64.buildinfo e122a60305cca0e100dcd3d4362dff526b3d35b0 90240 apache2_2.4.58-1ubuntu8.1_arm64.deb 7bda6ebe82a1eb0cb22591e19f2e7124ef2f8c18 798 libapache2-mod-md_2.4.58-1ubuntu8.1_arm64.deb b7686cbfe33261947355697454540a56661a92d5 986 libapache2-mod-proxy-uwsgi_2.4.58-1ubuntu8.1_arm64.deb Checksums-Sha256: 003d167f0fab8c111243a5fe5e419b9c22595540df22a44e5aaf6dd2e70d43bc 3460744 apache2-bin-dbgsym_2.4.58-1ubuntu8.1_arm64.ddeb 752b31632597b8df77f2e6a3c95471889a1f869b1faabe9f4d6f54d49fb41dc2 1316954 apache2-bin_2.4.58-1ubuntu8.1_arm64.deb 168ce38e59c531f5a39863751fa77f8ced94c1d13750151a34bc51097ca40431 199244 apache2-dev_2.4.58-1ubuntu8.1_arm64.deb f3ab8aec18007b8f1667f8c395e7723a691017d8b3d062930e5b5d93814a0f53 2982 apache2-ssl-dev_2.4.58-1ubuntu8.1_arm64.deb c06f7bdc9f805f7d7c6743041c692daa06ed5af2b5743cc7522140183b7c70bb 12706 apache2-suexec-custom-dbgsym_2.4.58-1ubuntu8.1_arm64.ddeb 7c1b3dc05206d26f6b30dda66930faaaf0a100f18e05e3cb0453534814a91229 15862 apache2-suexec-custom_2.4.58-1ubuntu8.1_arm64.deb f90e81d2a7a0360235845a534e4e0182cfe94b0b5eda1a453f513978bddcb611 11512 apache2-suexec-pristine-dbgsym_2.4.58-1ubuntu8.1_arm64.ddeb 635d4f470d53bbe584b4f2e44ff9729eb046379c7dbf1fec77ed2c16c0c992cf 14334 apache2-suexec-pristine_2.4.58-1ubuntu8.1_arm64.deb 6e0c162428580514c8b2468b7f42097b8675853e3e98e7b8548a71ab3eddbf45 119830 apache2-utils-dbgsym_2.4.58-1ubuntu8.1_arm64.ddeb 21b846764cb9779123fedb98868c811007c197e251f511cc56bf7b28ac8ee16b 95492 apache2-utils_2.4.58-1ubuntu8.1_arm64.deb 9b4632a6316eac9653ce5a7eeecf89d76579999e75215ca32458c7ad6f3d8ca9 12148 apache2_2.4.58-1ubuntu8.1_arm64.buildinfo 9d71274baf75a3bade5ed6296199382f4614ad4875ca43e4dbcad00712eb77ac 90240 apache2_2.4.58-1ubuntu8.1_arm64.deb 747b1a009e4238b2ee401aa7c9b1bf8c485eb2a28cff0221c3f36ff1f7ac3218 798 libapache2-mod-md_2.4.58-1ubuntu8.1_arm64.deb 9591a3aff9799a6f5044d477d5522ddb21a4d13711db8bab669c61e9631f888b 986 libapache2-mod-proxy-uwsgi_2.4.58-1ubuntu8.1_arm64.deb Files: b39e2d9bc221cf623a204d5099a3c30e 3460744 debug optional apache2-bin-dbgsym_2.4.58-1ubuntu8.1_arm64.ddeb a5fbd051785708fe6960c4415889cc95 1316954 httpd optional apache2-bin_2.4.58-1ubuntu8.1_arm64.deb 5dedbdf51c87d01328701ebb318c2744 199244 httpd optional apache2-dev_2.4.58-1ubuntu8.1_arm64.deb daba8454ca081843cde95703c7551700 2982 httpd optional apache2-ssl-dev_2.4.58-1ubuntu8.1_arm64.deb cbeef60bd7071611f378cd9f56d9976d 12706 debug optional apache2-suexec-custom-dbgsym_2.4.58-1ubuntu8.1_arm64.ddeb f91281ba2673977190434dd07c2d03b5 15862 httpd optional apache2-suexec-custom_2.4.58-1ubuntu8.1_arm64.deb f91316a041c29af9d946ea0e6e9bdaf8 11512 debug optional apache2-suexec-pristine-dbgsym_2.4.58-1ubuntu8.1_arm64.ddeb 400d40521191788c6fdf2c567365e2ec 14334 httpd optional apache2-suexec-pristine_2.4.58-1ubuntu8.1_arm64.deb d9ecc629fbf65718bccd27420f26b567 119830 debug optional apache2-utils-dbgsym_2.4.58-1ubuntu8.1_arm64.ddeb 9569ab1d1d5797aa1187e7e0637b0dda 95492 httpd optional apache2-utils_2.4.58-1ubuntu8.1_arm64.deb a0d6ba5d8b3961747984bc90ca421f75 12148 httpd optional apache2_2.4.58-1ubuntu8.1_arm64.buildinfo cf84439cf5e35c23f973052e42ace168 90240 httpd optional apache2_2.4.58-1ubuntu8.1_arm64.deb 9c9f6f37c804937024fc642d4dfb785f 798 oldlibs optional libapache2-mod-md_2.4.58-1ubuntu8.1_arm64.deb 6986763f2b874bd7cffb843410e5fbea 986 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.58-1ubuntu8.1_arm64.deb Original-Maintainer: Debian Apache Maintainers