[ubuntu/bionic-security] apache2 2.4.29-1ubuntu4.16 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jun 21 13:53:18 UTC 2021
apache2 (2.4.29-1ubuntu4.16) bionic-security; urgency=medium

  * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
    - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
      base64 to fail early if the format can't match anyway in
      modules/aaa/mod_auth_digest.c.
    - CVE-2020-35452
  * SECURITY UPDATE: DoS via cookie header in mod_session
    - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
      session_identity_decode() in modules/session/mod_session.c.
    - CVE-2021-26690
  * SECURITY UPDATE: heap overflow via SessionHeader
    - debian/patches/CVE-2021-26691.patch: account for the '&' in
      identity_concat() in modules/session/mod_session.c.
    - CVE-2021-26691
  * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
    - debian/patches/CVE-2021-30641.patch: change default behavior in
      server/request.c.
    - CVE-2021-30641
  * This update does _not_ include the changes from 2.4.29-1ubuntu4.15 in
    bionic-proposed.
Date: 2021-06-18 12:09:15.286966+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.16