Release date:
2024-10-09 13:05:34 UTC
Description:
* SECURITY UPDATE: Memory exhaustion due to excessive HTTP/2 incoming headers buffering
  - debian/patches/CVE-2024-27316.patch: Fix to bail after too many failed reads, increment count on request headers failed to add
  - CVE-2024-27316
* SECURITY UPDATE: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses
  - debian/patches/CVE-2023-38709.patch: header validation after content-* are eval'ed
  - CVE-2023-38709
* SECURITY UPDATE: HTTP response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack
  - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http handlers
  - CVE-2024-24795
Updated packages:
- apache2_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
  sha:0177ba9e9b43391c3a7a9047afd3dc3b4a99f7ea
- apache2-bin_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
  sha:5f68ad84766549ccc6f43a389fdd7aa7fe3ec993
- apache2-data_2.4.29-1ubuntu4.27+tuxcare.els4_all.deb
  sha:a8e8cd0374214f4891d8b92844667d82f7c3658c
- apache2-dev_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
  sha:c36905893bbb0346c69741df137b5bb90199d3fa
- apache2-doc_2.4.29-1ubuntu4.27+tuxcare.els4_all.deb
  sha:11dbaf47f0ab5c86f269613f7ade4257471972f4
- apache2-ssl-dev_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
  sha:8fdd64f8ac2208924c59f9af0928ad2dc787a40e
- apache2-suexec-custom_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
  sha:83170f28c3bbcd81dc9923aac61122454e326df7
- apache2-suexec-pristine_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
  sha:b32849f79f3ed1726f1c3e681dea05bd3684984f
- apache2-utils_2.4.29-1ubuntu4.27+tuxcare.els4_amd64.deb
  sha:8cd5cea4eb5edb866fe666cd32ac356d86437328
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.