[ubuntu/noble-security] apache2 2.4.58-1ubuntu8.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Apr 29 11:28:42 UTC 2024


apache2 (2.4.58-1ubuntu8.1) noble-security; urgency=medium

  * SECURITY UPDATE: HTTP response splitting
    - debian/patches/CVE-2023-38709.patch: header validation after
      content-* are eval'ed in modules/http/http_filters.c.
    - CVE-2023-38709
  * SECURITY UPDATE: HTTP Response Splitting in multiple modules
    - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for
      non-http handlers in include/util_script.h,
      modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c,
      modules/generators/mod_cgid.c, modules/http/http_filters.c,
      modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c,
      modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c.
    - CVE-2024-24795
  * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless
    continuation frames
    - debian/patches/CVE-2024-27316.patch: bail after too many failed reads
      in modules/http2/h2_session.c, modules/http2/h2_stream.c,
      modules/http2/h2_stream.h.
    - CVE-2024-27316

Date: 2024-04-22 18:12:10.810686+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the noble-changes mailing list