[ubuntu/focal-updates] apache2 2.4.41-4ubuntu3.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Aug 13 14:58:17 UTC 2020
apache2 (2.4.41-4ubuntu3.1) focal-security; urgency=medium

  * SECURITY UPDATE: mod_rewrite redirect issue
    - debian/patches/CVE-2020-1927-1.patch: factor out default regex flags
      in include/ap_regex.h, server/core.c, server/util_pcre.c.
    - debian/patches/CVE-2020-1927-2.patch: add AP_REG_NO_DEFAULT to allow
      opt-out of pcre defaults in include/ap_regex.h,
      modules/filters/mod_substitute.c, server/util_pcre.c,
      server/util_regex.c.
    - CVE-2020-1927
  * SECURITY UPDATE: mod_proxy_ftp uninitialized memory issue
    - debian/patches/CVE-2020-1934.patch: trap bad FTP responses in
      modules/proxy/mod_proxy_ftp.c.
    - CVE-2020-1934
  * SECURITY UPDATE: DoS via invalid Cache-Digest header
    - debian/patches/CVE-2020-9490.patch: remove support for abandoned
      http-wg draft in modules/http2/h2_push.c, modules/http2/h2_push.h.
    - CVE-2020-9490
  * SECURITY UPDATE: mod_proxy_uwsgi info disclosure and possible RCE
    - debian/patches/CVE-2020-11984.patch: error out on HTTP header larger
      than 16K in modules/proxy/mod_proxy_uwsgi.c.
    - CVE-2020-11984
  * SECURITY UPDATE: concurrent use of memory pools in HTTP/2 module
    - debian/patches/CVE-2020-11993-pre1.patch: fixed rare cases where a h2
      worker could deadlock the main connection in modules/http2/*.
    - debian/patches/CVE-2020-11993.patch: fix logging and rename
      terminology in modules/http2/*.
    - CVE-2020-11993
Date: 2020-08-13 01:32:19.370277+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.1