[ubuntu/jammy-security] apache2 2.4.52-1ubuntu4.1 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Tue Jun 21 13:38:44 UTC 2022


apache2 (2.4.52-1ubuntu4.1) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP Request Smuggling
    - debian/patches/CVE-2022-26377.patch: changing
      precedence between T-E and C-L in modules/proxy/mod_proxy_ajp.c.
    - CVE-2022-26377
  * SECURITY UPDATE: Read beyond bounds
    - debian/patches/CVE-2022-28614.patch: handle large
      writes in ap_rputs.
      in server/util.c.
    - CVE-2022-28614
  * SECURITY UPDATE: Read beyond bounds
    - debian/patches/CVE-2022-28615.patch: fix types
      in server/util.c.
    - CVE-2022-28615
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-29404.patch: cast first
      in modules/lua/lua_request.c.
    - CVE-2022-29404
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-30522.patch: limit mod_sed
      memory use in modules/filters/mod_sec.c,
      modules/filters/sed1.c.
    - CVE-2022-30522
  * SECURITY UPDATE: Returning point past of the buffer
    - debian/patches/CVE-2022-30556.patch: use filters consitently
      in modules/lua/lua_request.c.
    - CVE-2022-30556
  * SECURITY UPDATE: Bypass IP authentication
    - debian/patches/CVE-2022-31813.patch: to clear
      hop-by-hop first and fixup last in modules/proxy/proxy_util.c.
    - CVE-2022-31813

Date: 2022-06-14 18:05:08.397802+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list