Advisory: CLSA-2021:1635458969
OS: Ubuntu 16.04 ELS
Public date: 2021-10-28 00:00:00
Project: apache2
Version: 2.4.18-2ubuntu3.19
Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2021-1635458969.html
* SECURITY UPDATE: Buffer overflow with crafted input - debian/patches/CVE-2021-39275.patch:ap_escape_quotes() may write beyond the end of a buffer when given malicious input - CVE-2021-39275 * SECURITY UPDATE: Malformed requests may cause the server to dereference a NULL pointer - debian/patches/CVE-2021-34798.patch: prevent ap_increment_counts() from pointer dereference without check - CVE-2021-34798 * SECURITY UPDATE: A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. - debian/patches/CVE-2021-40438.patch: add checks for the configured UDS path - CVE-2021-40438
apache2_2.4.18-2ubuntu3.19_amd64.deb apache2-bin_2.4.18-2ubuntu3.19_amd64.deb apache2-data_2.4.18-2ubuntu3.19_all.deb apache2-dev_2.4.18-2ubuntu3.19_amd64.deb apache2-doc_2.4.18-2ubuntu3.19_all.deb apache2-suexec-custom_2.4.18-2ubuntu3.19_amd64.deb apache2-suexec-pristine_2.4.18-2ubuntu3.19_amd64.deb apache2-utils_2.4.18-2ubuntu3.19_amd64.deb