Format: 1.8 Date: Thu, 18 Apr 2024 11:13:41 -0400 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: s390x Version: 2.4.58-1ubuntu8.1 Distribution: noble Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.58-1ubuntu8.1) noble-security; urgency=medium . * SECURITY UPDATE: HTTP response splitting - debian/patches/CVE-2023-38709.patch: header validation after content-* are eval'ed in modules/http/http_filters.c. - CVE-2023-38709 * SECURITY UPDATE: HTTP Response Splitting in multiple modules - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http handlers in include/util_script.h, modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c, modules/generators/mod_cgid.c, modules/http/http_filters.c, modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c, modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c. - CVE-2024-24795 * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless continuation frames - debian/patches/CVE-2024-27316.patch: bail after too many failed reads in modules/http2/h2_session.c, modules/http2/h2_stream.c, modules/http2/h2_stream.h. - CVE-2024-27316 Checksums-Sha1: 7e7e15514ef76df10c7b7b0ceb30ca3b4967104e 3568486 apache2-bin-dbgsym_2.4.58-1ubuntu8.1_s390x.ddeb 9ba01415f49ec6546a02a910c263f0c594036250 1412432 apache2-bin_2.4.58-1ubuntu8.1_s390x.deb 8b3fe547faa00befac1e57b920f8e9641ff56a09 199236 apache2-dev_2.4.58-1ubuntu8.1_s390x.deb 20b7a09d41d7c300df26636de57f0b70c24b948e 2984 apache2-ssl-dev_2.4.58-1ubuntu8.1_s390x.deb f8843f8e129d9a423997adc1af9edbb2361432bd 13022 apache2-suexec-custom-dbgsym_2.4.58-1ubuntu8.1_s390x.ddeb 94134a8a38bad295ae2a7edeb55a24939875050c 16454 apache2-suexec-custom_2.4.58-1ubuntu8.1_s390x.deb 36ffdaf95e53ad100f8717cf2b791873e9fe8be3 11684 apache2-suexec-pristine-dbgsym_2.4.58-1ubuntu8.1_s390x.ddeb 512185831e189731dae13230662541478aed7a6d 14654 apache2-suexec-pristine_2.4.58-1ubuntu8.1_s390x.deb 2c156ea3db345336113e884834233fa13bcae9bd 121126 apache2-utils-dbgsym_2.4.58-1ubuntu8.1_s390x.ddeb 730e865dfcf4bd151511d62d2cedf5ef64370fc1 100200 apache2-utils_2.4.58-1ubuntu8.1_s390x.deb d3fa8edc702ec6c475893f1e1bd8c29948f0f1b8 12010 apache2_2.4.58-1ubuntu8.1_s390x.buildinfo 9e8fa9fc58c66b0f2c9139f84a47b6479edbc152 90242 apache2_2.4.58-1ubuntu8.1_s390x.deb b7e97f9a1e858828068709bb0e243ab5e6f6f2cb 802 libapache2-mod-md_2.4.58-1ubuntu8.1_s390x.deb 8f23122a875a1b7dd9f3565d6677fc3e6481bfe0 988 libapache2-mod-proxy-uwsgi_2.4.58-1ubuntu8.1_s390x.deb Checksums-Sha256: 0cf9643f1ff156e2f10ed8a65ec8466009eb9a5c7c33a4d1352de6c2c6204632 3568486 apache2-bin-dbgsym_2.4.58-1ubuntu8.1_s390x.ddeb 2596d4ccccaee29b160fa3325f04122d2282b669c1230f92438eb2872d7626c0 1412432 apache2-bin_2.4.58-1ubuntu8.1_s390x.deb 3305b2aefd2e11d11350d29393908f8e32826c56edfce20fc998790ba788ab2f 199236 apache2-dev_2.4.58-1ubuntu8.1_s390x.deb 4cdaf587f46e8bf6348bfe64f84f0484d56f8f31e23d551d98417a1343945572 2984 apache2-ssl-dev_2.4.58-1ubuntu8.1_s390x.deb e932cc38518b136ae4894752f4f61a748843b215490dc19acb4b744f6dae1f7b 13022 apache2-suexec-custom-dbgsym_2.4.58-1ubuntu8.1_s390x.ddeb 0f987dcf8c41a86c120bf3dac7581b246f3d785a06d58b13badc6c5d504388d5 16454 apache2-suexec-custom_2.4.58-1ubuntu8.1_s390x.deb fe8f374511b6498a38058732f351377979d300f0b0627c7031e8292968797704 11684 apache2-suexec-pristine-dbgsym_2.4.58-1ubuntu8.1_s390x.ddeb 7207d6a73bb97cfdb870c9d242becb959bdbc9b3280027a9faf75d0fa4d8d95f 14654 apache2-suexec-pristine_2.4.58-1ubuntu8.1_s390x.deb 70dec387f9cbcfc1aca17e234772b2e4be60387d80feda03dc2b7f0acc155514 121126 apache2-utils-dbgsym_2.4.58-1ubuntu8.1_s390x.ddeb aa4b54c08a2e2c7c85985f7689fc82f443ce9257b976195b3f32620f0d9894b4 100200 apache2-utils_2.4.58-1ubuntu8.1_s390x.deb 03799f2fcda02848ac8fb00eacb39d66b965fd4262fe5573af88a76428c213b4 12010 apache2_2.4.58-1ubuntu8.1_s390x.buildinfo ff7e8555c41ef913c53c6d032987ff8aef8b5c18415e17eb87303b6c319715db 90242 apache2_2.4.58-1ubuntu8.1_s390x.deb 8baba7191f5199adaf92bc7fc730ec8581a7372dcc24a49fb3ad22089fa82d43 802 libapache2-mod-md_2.4.58-1ubuntu8.1_s390x.deb cff63534f51f1ee7b5b7aec45914d280f1daa698a1aee837f980d5076c0a2a52 988 libapache2-mod-proxy-uwsgi_2.4.58-1ubuntu8.1_s390x.deb Files: f114a3f2ce518c241c1485834f9b4254 3568486 debug optional apache2-bin-dbgsym_2.4.58-1ubuntu8.1_s390x.ddeb 40dadcf940f1da7d7bb491e0860967af 1412432 httpd optional apache2-bin_2.4.58-1ubuntu8.1_s390x.deb 714f0fd47ddebb2da1b0563fa369f18c 199236 httpd optional apache2-dev_2.4.58-1ubuntu8.1_s390x.deb 67db914510107b51489e756da6368376 2984 httpd optional apache2-ssl-dev_2.4.58-1ubuntu8.1_s390x.deb a34052ced82bfa89f32464b9e23c06ae 13022 debug optional apache2-suexec-custom-dbgsym_2.4.58-1ubuntu8.1_s390x.ddeb 8e1bfe1b3bd444f22b20f77cba39ec2a 16454 httpd optional apache2-suexec-custom_2.4.58-1ubuntu8.1_s390x.deb 63a7f8f1cc6ee65a6191f831947d778c 11684 debug optional apache2-suexec-pristine-dbgsym_2.4.58-1ubuntu8.1_s390x.ddeb 4d823547a828aea2e0fe3c35bd4d1c38 14654 httpd optional apache2-suexec-pristine_2.4.58-1ubuntu8.1_s390x.deb c4234605d33adb77ae3fe0ac41e63b35 121126 debug optional apache2-utils-dbgsym_2.4.58-1ubuntu8.1_s390x.ddeb d4f72f4cf4b0956c59a7844e0b9e1e67 100200 httpd optional apache2-utils_2.4.58-1ubuntu8.1_s390x.deb f0aa5a9a68e0b331d81600e4e3e83144 12010 httpd optional apache2_2.4.58-1ubuntu8.1_s390x.buildinfo f541594fd0bd5de0b9c716cbbdfef74a 90242 httpd optional apache2_2.4.58-1ubuntu8.1_s390x.deb df6106af2177706ecc9faf3f7afcf176 802 oldlibs optional libapache2-mod-md_2.4.58-1ubuntu8.1_s390x.deb b557096c23131a88b714a0d271cc869e 988 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.58-1ubuntu8.1_s390x.deb Original-Maintainer: Debian Apache Maintainers