[ubuntu/jammy-proposed] apache2 2.4.52-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Mar 17 14:05:14 UTC 2022


apache2 (2.4.52-1ubuntu2) jammy; urgency=medium

  * SECURITY UPDATE: OOB read in mod_lua via crafted request body
    - debian/patches/CVE-2022-22719.patch: error out if lua_read_body() or
      lua_write_body() fail in modules/lua/lua_request.c.
    - CVE-2022-22719
  * SECURITY UPDATE: HTTP Request Smuggling via error discarding the
    request body
    - debian/patches/CVE-2022-22720.patch: simpler connection close logic
      if discarding the request body fails in modules/http/http_filters.c,
      server/protocol.c.
    - CVE-2022-22720
  * SECURITY UPDATE: overflow via large LimitXMLRequestBody
    - debian/patches/CVE-2022-22721.patch: make sure and check that
      LimitXMLRequestBody fits in system memory in server/core.c,
      server/util.c, server/util_xml.c.
    - CVE-2022-22721
  * SECURITY UPDATE: out-of-bounds write in mod_sed
    - debian/patches/CVE-2022-23943-1.patch: use size_t to allow for larger
      buffer sizes and unsigned arithmetics in modules/filters/libsed.h,
      modules/filters/mod_sed.c, modules/filters/sed1.c.
    - debian/patches/CVE-2022-23943-2.patch: improve the logic flow in
      modules/filters/mod_sed.c.
    - CVE-2022-23943

Date: Thu, 17 Mar 2022 09:39:54 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 17 Mar 2022 09:39:54 -0400
Source: apache2
Built-For-Profiles: noudeb
Architecture: source
Version: 2.4.52-1ubuntu2
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 apache2 (2.4.52-1ubuntu2) jammy; urgency=medium
 .
   * SECURITY UPDATE: OOB read in mod_lua via crafted request body
     - debian/patches/CVE-2022-22719.patch: error out if lua_read_body() or
       lua_write_body() fail in modules/lua/lua_request.c.
     - CVE-2022-22719
   * SECURITY UPDATE: HTTP Request Smuggling via error discarding the
     request body
     - debian/patches/CVE-2022-22720.patch: simpler connection close logic
       if discarding the request body fails in modules/http/http_filters.c,
       server/protocol.c.
     - CVE-2022-22720
   * SECURITY UPDATE: overflow via large LimitXMLRequestBody
     - debian/patches/CVE-2022-22721.patch: make sure and check that
       LimitXMLRequestBody fits in system memory in server/core.c,
       server/util.c, server/util_xml.c.
     - CVE-2022-22721
   * SECURITY UPDATE: out-of-bounds write in mod_sed
     - debian/patches/CVE-2022-23943-1.patch: use size_t to allow for larger
       buffer sizes and unsigned arithmetics in modules/filters/libsed.h,
       modules/filters/mod_sed.c, modules/filters/sed1.c.
     - debian/patches/CVE-2022-23943-2.patch: improve the logic flow in
       modules/filters/mod_sed.c.
     - CVE-2022-23943
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

