Advisory: CLSA-2021:1635459129
OS: Ubuntu 16.04 ELS
Public date: 2021-10-28 00:00:00
Project: apache2
Version: 2.4.18-2ubuntu3.18
Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2021-1635459129.html
* SECURITY UPDATE: Unexpected URL matching with 'MergeSlashes OFF' - debian/patches/CVE-2021-30641.patch: legacy default slash-matching behavior with 'MergeSlashes OFF'. - CVE-2021-30641 * SECURITY UPDATE: heap overflow in mod_session - debian/patches/CVE-2021-26691.patch: A specially crafted SessionHeader sent by an origin server could cause a heap overflow. - CVE-2021-26691 * SECURITY UPDATE: NULL pointer dereference in mod_session - debian/patches/CVE-2021-26690.patch: A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service. - CVE-2021-26690 * SECURITY UPDATE: mod_auth_digest possible stack overflow by one nul byte - debian/patches/CVE-2020-35452.patch: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. - CVE-2020-35452
apache2_2.4.18-2ubuntu3.18_amd64.deb apache2-bin_2.4.18-2ubuntu3.18_amd64.deb apache2-data_2.4.18-2ubuntu3.18_all.deb apache2-dev_2.4.18-2ubuntu3.18_amd64.deb apache2-doc_2.4.18-2ubuntu3.18_all.deb apache2-suexec-custom_2.4.18-2ubuntu3.18_amd64.deb apache2-suexec-pristine_2.4.18-2ubuntu3.18_amd64.deb apache2-utils_2.4.18-2ubuntu3.18_amd64.deb