[CLSA-2022:1648136327] Fix CVE(s): CVE-2022-23943, CVE-2022-22720, CVE-2022-22721, CVE-2022-22719
Type:
security
Severity:
moderate
Release date:
2022-03-24 15:38:47 UTC
Description:
* SECURITY UPDATE: mod_lua Use of uninitialized value of in r:parsebody
  - debian/patches/CVE-2022-22719.patch: refactor lua_read_body() in order to catch all possible errors
  - CVE-2022-22719
* SECURITY UPDATE: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
  - debian/patches/CVE-2022-22720.patch: simpler connection close logic if discarding the request body fails
  - CVE-2022-22720
* SECURITY UPDATE: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
  - debian/patches/CVE-2022-22721.patch: make sure and check that LimitXMLRequestBody fits in system memory
  - CVE-2022-22721
* SECURITY UPDATE: mod_sed: Read/write beyond bounds
  - debian/patches/CVE-2022-23943.patch: use size_t to allow for larger buffer sizes and unsigned arithmetics and refactor logic flow of sed_write_output()
  - CVE-2022-23943

apache2 (1:2.4.18-2ubuntu3.17+tuxcare.els3) xenial-security; urgency=medium
Updated packages:
  • apache2_2.4.18-2ubuntu3.17+tuxcare.els4_amd64.deb
    sha:6e1e37b6f1c0c90bde17d98cd6e31f0fed4aeeb5
  • apache2-bin_2.4.18-2ubuntu3.17+tuxcare.els4_amd64.deb
    sha:a20940b0171c5eec5ab001fcb762a49d79388e39
  • apache2-data_2.4.18-2ubuntu3.17+tuxcare.els4_all.deb
    sha:bfa44ea8d6a27c4ef5a86b045b9465b0d8a9c832
  • apache2-dev_2.4.18-2ubuntu3.17+tuxcare.els4_amd64.deb
    sha:8e750f2eef6e1682647aa0d5f3d045fa43c0b429
  • apache2-doc_2.4.18-2ubuntu3.17+tuxcare.els4_all.deb
    sha:bf32725a4337dea65db97300e3a511ea4f2d97e4
  • apache2-suexec-custom_2.4.18-2ubuntu3.17+tuxcare.els4_amd64.deb
    sha:7f22e20ec35a5fb99e9cb8fb04d28707a4393cbb
  • apache2-suexec-pristine_2.4.18-2ubuntu3.17+tuxcare.els4_amd64.deb
    sha:da5505da5ad6498a447a6acac69f8fff32de7782
  • apache2-utils_2.4.18-2ubuntu3.17+tuxcare.els4_amd64.deb
    sha:336a6170ec6cb95b0d38913efdba5dfaa207ae51
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.