[ubuntu/bionic-security] apache2 2.4.29-1ubuntu4.24 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue Jun 21 13:38:49 UTC 2022
apache2 (2.4.29-1ubuntu4.24) bionic-security; urgency=medium
* SECURITY UPDATE: HTTP Request Smuggling
- debian/patches/CVE-2022-26377.patch: changing
precedence between T-E and C-L in modules/proxy/mod_proxy_ajp.c.
- CVE-2022-26377
* SECURITY UPDATE: Read beyond bounds
- debian/patches/CVE-2022-28614.patch: handle large
writes in ap_rputs.
in server/util.c.
- CVE-2022-28614
* SECURITY UPDATE: Read beyond bounds
- debian/patches/CVE-2022-28615.patch: fix types
in server/util.c.
- CVE-2022-28615
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2022-29404.patch: cast first
in modules/lua/lua_request.c.
- CVE-2022-29404
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2022-30522.patch: limit mod_sed
memory use in modules/filters/mod_sec.c,
modules/filters/sed1.c.
- CVE-2022-30522
* SECURITY UPDATE: Returning point past of the buffer
- debian/patches/CVE-2022-30556.patch: use filters consistently
in modules/lua/lua_request.c.
- CVE-2022-30556
* SECURITY UPDATE: Bypass IP authentication
- debian/patches/CVE-2022-31813.patch: to clear
hop-by-hop first and fixup last in modules/proxy/proxy_util.c.
- CVE-2022-31813
apache2 (2.4.29-1ubuntu4.23) bionic; urgency=medium
* d/p/mod_http2-Don-t-send-GOAWAY-too-early-when-MaxReques.patch:
Don't send GOAWAY too early on new connections when
MaxRequestsPerChild has been reached. (LP: #1969629)
Date: 2022-06-14 21:13:08.626193+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.24
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list