Format: 1.8 Date: Thu, 18 Apr 2024 11:13:41 -0400 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: ppc64el Version: 2.4.58-1ubuntu8.1 Distribution: noble Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.58-1ubuntu8.1) noble-security; urgency=medium . * SECURITY UPDATE: HTTP response splitting - debian/patches/CVE-2023-38709.patch: header validation after content-* are eval'ed in modules/http/http_filters.c. - CVE-2023-38709 * SECURITY UPDATE: HTTP Response Splitting in multiple modules - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http handlers in include/util_script.h, modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c, modules/generators/mod_cgid.c, modules/http/http_filters.c, modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c, modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c. - CVE-2024-24795 * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless continuation frames - debian/patches/CVE-2024-27316.patch: bail after too many failed reads in modules/http2/h2_session.c, modules/http2/h2_stream.c, modules/http2/h2_stream.h. - CVE-2024-27316 Checksums-Sha1: 334963b392d945624d86aba844c58e42ed2f34ff 3932270 apache2-bin-dbgsym_2.4.58-1ubuntu8.1_ppc64el.ddeb a2365d5db5693bb6b54c87f0ac0c6d931425dc49 1563914 apache2-bin_2.4.58-1ubuntu8.1_ppc64el.deb 8ea23f5abe1dcbe1771b5096b7e4eb9881ac45e9 199230 apache2-dev_2.4.58-1ubuntu8.1_ppc64el.deb 25457091bc5541ff0bc2eaa289a0b2d7fa866ea2 2984 apache2-ssl-dev_2.4.58-1ubuntu8.1_ppc64el.deb 6708d026f1d791443c02fcae160cbbbffdab86ac 13406 apache2-suexec-custom-dbgsym_2.4.58-1ubuntu8.1_ppc64el.ddeb 372551f233bb9ee3cbc6bab33a09c67fcf3fc839 16136 apache2-suexec-custom_2.4.58-1ubuntu8.1_ppc64el.deb cacb7642a0e78a57acaf987eb1b3ebab43ef7fd4 12018 apache2-suexec-pristine-dbgsym_2.4.58-1ubuntu8.1_ppc64el.ddeb a64b0b1768f99efd09290c09ee32842d975ff0fe 14376 apache2-suexec-pristine_2.4.58-1ubuntu8.1_ppc64el.deb 2293b491208330fcf83d699a32620941ec7df7ce 129364 apache2-utils-dbgsym_2.4.58-1ubuntu8.1_ppc64el.ddeb 0d9fc22cce8dcfac8e28e971a683e059de133cab 101724 apache2-utils_2.4.58-1ubuntu8.1_ppc64el.deb a5590ef17febd026d230cd8f3162e5092fe5aa54 12231 apache2_2.4.58-1ubuntu8.1_ppc64el.buildinfo aabb4e4bb16a56b2f1464356698c98607a92d183 90242 apache2_2.4.58-1ubuntu8.1_ppc64el.deb 9a86985c82c5ee041b30794336431ba5090d4e14 800 libapache2-mod-md_2.4.58-1ubuntu8.1_ppc64el.deb 2e34f86bb5721a1092b35c8c3f0fe585c4f1ae03 996 libapache2-mod-proxy-uwsgi_2.4.58-1ubuntu8.1_ppc64el.deb Checksums-Sha256: 858042c873e295fc4df94d0b3920e4a8d336761cb96320a99ebf3fcaf8a1445e 3932270 apache2-bin-dbgsym_2.4.58-1ubuntu8.1_ppc64el.ddeb 0225ce92f377c4120a65843c4b0895c8439b60455fa869e777b35c92df206c41 1563914 apache2-bin_2.4.58-1ubuntu8.1_ppc64el.deb cbd090e0e2916a1b2010a6a511be32521631bb15c728c91cf6419c3c32824688 199230 apache2-dev_2.4.58-1ubuntu8.1_ppc64el.deb 91ead427b2db09715e8eb6d0471c373ed0479fdf9b9aa2fb3f2a16bf29125fac 2984 apache2-ssl-dev_2.4.58-1ubuntu8.1_ppc64el.deb 155430b758ed955e0944da28809b7e4857699dcab46aa373f909511333a7947b 13406 apache2-suexec-custom-dbgsym_2.4.58-1ubuntu8.1_ppc64el.ddeb b7a4487fa7388c4f2b0a88b2ef541b033c95de3b7ded20663c4609f3c0cdcb3d 16136 apache2-suexec-custom_2.4.58-1ubuntu8.1_ppc64el.deb b3977296d35fcb026e1b73b9d8b3b57dc8f113b9679fa0c49ba831d36ac0884a 12018 apache2-suexec-pristine-dbgsym_2.4.58-1ubuntu8.1_ppc64el.ddeb 6fa681f883da6543885d4685696aed03759730b71f20402dc807cefd34aebcef 14376 apache2-suexec-pristine_2.4.58-1ubuntu8.1_ppc64el.deb aba96c24d7fe06d2a6ad167f53ae1f227fb7f11c9ba88be6225430e0c4467bd4 129364 apache2-utils-dbgsym_2.4.58-1ubuntu8.1_ppc64el.ddeb f9d53c2c24e0e4a5f28d92b33279adac0fdee593bc32978d21b0db5d001d89f9 101724 apache2-utils_2.4.58-1ubuntu8.1_ppc64el.deb 0e13475a8dcb0471a2690cbbb854e555e9fc761b94fd1598fc0bd1bd4a50f95c 12231 apache2_2.4.58-1ubuntu8.1_ppc64el.buildinfo 80f06186a05f898c97a55d1e4e3cac0c82a73cd28f688447e33758f4064686a0 90242 apache2_2.4.58-1ubuntu8.1_ppc64el.deb 4363c6c481b567081409496e8600deb649be3091ea91218de3fa7257b1ea011d 800 libapache2-mod-md_2.4.58-1ubuntu8.1_ppc64el.deb 1e8073ef9155fd370aa1b64635d3d1053b4ba7589a4d9538b959a997ba94b5f2 996 libapache2-mod-proxy-uwsgi_2.4.58-1ubuntu8.1_ppc64el.deb Files: 241b279f605bfe0f417674da53bbfaec 3932270 debug optional apache2-bin-dbgsym_2.4.58-1ubuntu8.1_ppc64el.ddeb cb3fc5830fafbd87dba42e8af6f808d0 1563914 httpd optional apache2-bin_2.4.58-1ubuntu8.1_ppc64el.deb 8a4892b122fc7a635c9b4ece8f9752ba 199230 httpd optional apache2-dev_2.4.58-1ubuntu8.1_ppc64el.deb 3a99991770bbd943f8d4edf6edaeb866 2984 httpd optional apache2-ssl-dev_2.4.58-1ubuntu8.1_ppc64el.deb e222e33385a38305e0e59a1c62a48451 13406 debug optional apache2-suexec-custom-dbgsym_2.4.58-1ubuntu8.1_ppc64el.ddeb 031371d07a19808c80011dfd2a5921d4 16136 httpd optional apache2-suexec-custom_2.4.58-1ubuntu8.1_ppc64el.deb 861e72407ad256ad078ee42197aa7d98 12018 debug optional apache2-suexec-pristine-dbgsym_2.4.58-1ubuntu8.1_ppc64el.ddeb ce3d65b1b1891f3a5043a71afda1caa9 14376 httpd optional apache2-suexec-pristine_2.4.58-1ubuntu8.1_ppc64el.deb 023d2fb25c8d7194608705e74ed13871 129364 debug optional apache2-utils-dbgsym_2.4.58-1ubuntu8.1_ppc64el.ddeb 2b0c6be9d6be1d03e4af229c9a03e366 101724 httpd optional apache2-utils_2.4.58-1ubuntu8.1_ppc64el.deb 25df9ab36c4de29ce101af3626cd80b5 12231 httpd optional apache2_2.4.58-1ubuntu8.1_ppc64el.buildinfo 04bc597aaf88aa439767cca1fe9eafcd 90242 httpd optional apache2_2.4.58-1ubuntu8.1_ppc64el.deb 4570749ee5b88b37e73103cd53c71592 800 oldlibs optional libapache2-mod-md_2.4.58-1ubuntu8.1_ppc64el.deb 3e315ef832c26a228aa58e8351f778a7 996 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.58-1ubuntu8.1_ppc64el.deb Original-Maintainer: Debian Apache Maintainers