[ubuntu/bionic-security] apache2 2.4.29-1ubuntu4.22 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Mar 17 11:23:46 UTC 2022

apache2 (2.4.29-1ubuntu4.22) bionic-security; urgency=medium

  * SECURITY UPDATE: OOB read in mod_lua via crafted request body
    - debian/patches/CVE-2022-22719.patch: error out if lua_read_body() or
      lua_write_body() fail in modules/lua/lua_request.c.
    - CVE-2022-22719
  * SECURITY UPDATE: HTTP Request Smuggling via error discarding the
    request body
    - debian/patches/CVE-2022-22720.patch: simpler connection close logic
      if discarding the request body fails in modules/http/http_filters.c,
    - CVE-2022-22720
  * SECURITY UPDATE: overflow via large LimitXMLRequestBody
    - debian/patches/CVE-2022-22721.patch: make sure and check that
      LimitXMLRequestBody fits in system memory in server/core.c,
      server/util.c, server/util_xml.c.
    - CVE-2022-22721
  * SECURITY UPDATE: out-of-bounds write in mod_sed
    - debian/patches/CVE-2022-23943-1.patch: use size_t to allow for larger
      buffer sizes and unsigned arithmetics in modules/filters/libsed.h,
      modules/filters/mod_sed.c, modules/filters/sed1.c.
    - debian/patches/CVE-2022-23943-2.patch: improve the logic flow in
    - CVE-2022-23943

Date: 2022-03-16 17:40:09.960056+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>