[ubuntu/bionic-security] apache2 2.4.29-1ubuntu4.21 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Jan 6 14:42:36 UTC 2022
apache2 (2.4.29-1ubuntu4.21) bionic-security; urgency=medium
* SECURITY UPDATE: DoS or SSRF via forward proxy
- debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified
uri-paths not to be forward-proxied have an http(s) scheme, and that
the ones to be forward proxied have a hostname in
include/http_protocol.h, modules/http/http_request.c,
modules/http2/h2_request.c, modules/proxy/mod_proxy.c,
modules/proxy/proxy_util.c, server/protocol.c.
- debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs
w/ no hostname in modules/proxy/mod_proxy.c,
modules/proxy/proxy_util.c.
- CVE-2021-44224
* SECURITY UPDATE: overflow in mod_lua multipart parser
- debian/patches/CVE-2021-44790.patch: improve error handling in
modules/lua/lua_request.c.
- CVE-2021-44790
apache2 (2.4.29-1ubuntu4.20) bionic; urgency=medium
* Revert fix from 2.4.29-1ubuntu4.19, due to performance regression.
(LP 1832182)
apache2 (2.4.29-1ubuntu4.19) bionic; urgency=medium
* d/apache2ctl: Also use systemd for graceful if it is in use.
(LP: #1832182)
- This extends an earlier fix for the start command to behave
similarly for restart / graceful. Fixes service failures on
unattended upgrade.
Date: 2022-01-05 16:03:50.643239+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.21
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list