Format: 1.8 Date: Wed, 10 Apr 2024 13:41:02 -0400 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: armhf Version: 2.4.57-2ubuntu2.4 Distribution: mantic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.57-2ubuntu2.4) mantic-security; urgency=medium . * SECURITY UPDATE: HTTP response splitting - debian/patches/CVE-2023-38709.patch: header validation after content-* are eval'ed in modules/http/http_filters.c. - CVE-2023-38709 * SECURITY UPDATE: HTTP Response Splitting in multiple modules - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http handlers in include/util_script.h, modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c, modules/generators/mod_cgid.c, modules/http/http_filters.c, modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c, modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c. - CVE-2024-24795 * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless continuation frames - debian/patches/CVE-2024-27316.patch: bail after too many failed reads in modules/http2/h2_session.c, modules/http2/h2_stream.c, modules/http2/h2_stream.h. - CVE-2024-27316 Checksums-Sha1: 78c2fdea9d3cd15e7f6ff14ae9307f95b6ab12d0 3257506 apache2-bin-dbgsym_2.4.57-2ubuntu2.4_armhf.ddeb 2951e74406127a958d30975ecfcd0942c658a48b 1199058 apache2-bin_2.4.57-2ubuntu2.4_armhf.deb 7837b2413152caa7418e587cf979eb927c9b24a4 199442 apache2-dev_2.4.57-2ubuntu2.4_armhf.deb d8b64b0a7dba8037cc91988d060a4c920cf84673 2988 apache2-ssl-dev_2.4.57-2ubuntu2.4_armhf.deb 4f8a4e7be06c2977797137fad4627c6ccb7f1ffa 12118 apache2-suexec-custom-dbgsym_2.4.57-2ubuntu2.4_armhf.ddeb 164ca03576fbd55bfc90c3d38624cae3f52f4367 15334 apache2-suexec-custom_2.4.57-2ubuntu2.4_armhf.deb c738f50a935e6636d2fa0d3acb872d8a57cb8910 10934 apache2-suexec-pristine-dbgsym_2.4.57-2ubuntu2.4_armhf.ddeb 9b8c80d236e99b408ee91cb8b611cf862f5349e8 13766 apache2-suexec-pristine_2.4.57-2ubuntu2.4_armhf.deb 0f7abfa5694dd8cf01611e9835ad403aead3d2da 118528 apache2-utils-dbgsym_2.4.57-2ubuntu2.4_armhf.ddeb b24313b6c20384a463c529865f16a4634aa960d6 96826 apache2-utils_2.4.57-2ubuntu2.4_armhf.deb 88bf3b4e70b91f440530079275d3a4b993b1d13b 11249 apache2_2.4.57-2ubuntu2.4_armhf.buildinfo 5db38ffc3ef0350b15dc1f9ded563d1b56af2a16 96894 apache2_2.4.57-2ubuntu2.4_armhf.deb df0f5f853795a45b933df34a7f2ee0abc949d094 800 libapache2-mod-md_2.4.57-2ubuntu2.4_armhf.deb 240f8056f352a89e8ca1e10d923938bafebf8b96 988 libapache2-mod-proxy-uwsgi_2.4.57-2ubuntu2.4_armhf.deb Checksums-Sha256: 69c5afebe19f0274ceefea14202a471cd2da28c98a3400554e3c89ad06257743 3257506 apache2-bin-dbgsym_2.4.57-2ubuntu2.4_armhf.ddeb a97c4d0b837b45dc0ca66d678c0a2ace45ef0fc56cc4878ff2e6bafcd141ff2c 1199058 apache2-bin_2.4.57-2ubuntu2.4_armhf.deb b559e3b950f2262da718e04d8b0a4c912328e3d616c6236e81f44f9696c946cc 199442 apache2-dev_2.4.57-2ubuntu2.4_armhf.deb 821d7a79c219b8267c784aee63e91b0809af74e63665797f7f3b59fcf29ac749 2988 apache2-ssl-dev_2.4.57-2ubuntu2.4_armhf.deb 738820511e0c905f0f643c45708029c0c2d6f33b6921edf23d6e555ef8da6dff 12118 apache2-suexec-custom-dbgsym_2.4.57-2ubuntu2.4_armhf.ddeb a4eb8e7e1b09e20121a84a8fcf5a29ad21faa98892386709224911bdffd4acfc 15334 apache2-suexec-custom_2.4.57-2ubuntu2.4_armhf.deb 5239da87414062c7f09db22e5c3acd81e7f0125383000fd5b035811fc43bf19a 10934 apache2-suexec-pristine-dbgsym_2.4.57-2ubuntu2.4_armhf.ddeb 477de30bb174ee768a5dc1341f9cb5f883c280441e9ea05f6a76dfbeb39f48cd 13766 apache2-suexec-pristine_2.4.57-2ubuntu2.4_armhf.deb 438e897d89dd02bb68826c6c3be1087d28af533ce35fcfcc32ce4b9dafc5433c 118528 apache2-utils-dbgsym_2.4.57-2ubuntu2.4_armhf.ddeb e6f05ec45ea9dabca2e0765d3e61f050cc789dd8bb65eb7db647cb74c8e79de6 96826 apache2-utils_2.4.57-2ubuntu2.4_armhf.deb 10de729e108b4bed70d9818d24a88595e910c46e9c4094a813506db8713e1bd3 11249 apache2_2.4.57-2ubuntu2.4_armhf.buildinfo 4b701bdf961afb4064d7ebf5d2cb8e330fbe853e0bcb4fcef4f1b0351cacec57 96894 apache2_2.4.57-2ubuntu2.4_armhf.deb 0d6fd7b2d8d91c71766d792b084e9da18822fb5a7405eca889858e75097acd82 800 libapache2-mod-md_2.4.57-2ubuntu2.4_armhf.deb 6c7d9ed8ae42bfbead3cc5de701a4c9d89a0bf295d310df96837742b4096d785 988 libapache2-mod-proxy-uwsgi_2.4.57-2ubuntu2.4_armhf.deb Files: c9dea96e0a0e5c0655fdf86946b9674c 3257506 debug optional apache2-bin-dbgsym_2.4.57-2ubuntu2.4_armhf.ddeb 38795cc38aaebc9a5aabd2a4587a33ec 1199058 httpd optional apache2-bin_2.4.57-2ubuntu2.4_armhf.deb 10de14ceb50b50a8efd3a4be16c2afce 199442 httpd optional apache2-dev_2.4.57-2ubuntu2.4_armhf.deb 8fa1f34a1be7c0a8ce02e94572635de5 2988 httpd optional apache2-ssl-dev_2.4.57-2ubuntu2.4_armhf.deb 85e1b01f4ed9c4655cdf729567a8e27f 12118 debug optional apache2-suexec-custom-dbgsym_2.4.57-2ubuntu2.4_armhf.ddeb c3cd0432614cdcdf835436bcc2a475f9 15334 httpd optional apache2-suexec-custom_2.4.57-2ubuntu2.4_armhf.deb 1550ec0a8b233e7419abfae71afb8cc7 10934 debug optional apache2-suexec-pristine-dbgsym_2.4.57-2ubuntu2.4_armhf.ddeb d9c27e180fd6a330994084795534cc2c 13766 httpd optional apache2-suexec-pristine_2.4.57-2ubuntu2.4_armhf.deb 62ffc96197d52abe30c192f28bd92db3 118528 debug optional apache2-utils-dbgsym_2.4.57-2ubuntu2.4_armhf.ddeb 68796c7c2e7966a8131a2406b33ce845 96826 httpd optional apache2-utils_2.4.57-2ubuntu2.4_armhf.deb 8999b23680fc1f44e7456be793ef9887 11249 httpd optional apache2_2.4.57-2ubuntu2.4_armhf.buildinfo bc2298bf98b82bdbcf35c310909e04ce 96894 httpd optional apache2_2.4.57-2ubuntu2.4_armhf.deb 255f4a3812d65a665890c1a64103d038 800 oldlibs optional libapache2-mod-md_2.4.57-2ubuntu2.4_armhf.deb bd12a60363817dd7efb7b0c842ccdbf5 988 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.57-2ubuntu2.4_armhf.deb Original-Maintainer: Debian Apache Maintainers