[ubuntu/jammy-security] apache2 2.4.52-1ubuntu4.1 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue Jun 21 13:38:44 UTC 2022
apache2 (2.4.52-1ubuntu4.1) jammy-security; urgency=medium
* SECURITY UPDATE: HTTP Request Smuggling
- debian/patches/CVE-2022-26377.patch: changing
precedence between T-E and C-L in modules/proxy/mod_proxy_ajp.c.
- CVE-2022-26377
* SECURITY UPDATE: Read beyond bounds
- debian/patches/CVE-2022-28614.patch: handle large
writes in ap_rputs.
in server/util.c.
- CVE-2022-28614
* SECURITY UPDATE: Read beyond bounds
- debian/patches/CVE-2022-28615.patch: fix types
in server/util.c.
- CVE-2022-28615
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2022-29404.patch: cast first
in modules/lua/lua_request.c.
- CVE-2022-29404
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2022-30522.patch: limit mod_sed
memory use in modules/filters/mod_sec.c,
modules/filters/sed1.c.
- CVE-2022-30522
* SECURITY UPDATE: Returning point past of the buffer
- debian/patches/CVE-2022-30556.patch: use filters consitently
in modules/lua/lua_request.c.
- CVE-2022-30556
* SECURITY UPDATE: Bypass IP authentication
- debian/patches/CVE-2022-31813.patch: to clear
hop-by-hop first and fixup last in modules/proxy/proxy_util.c.
- CVE-2022-31813
Date: 2022-06-14 18:05:08.397802+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list