Release Info

Advisory: CLSA-2021:1640697114

OS: Ubuntu 16.04 ELS

Public date: 2021-12-28 00:00:00

Project: apache2

Version: 1:2.4.18-2ubuntu3.17+tuxcare.els3

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2021-1640697114.html

Changelog

* SECURITY UPDATE: buffer overflow in the mod_lua multipart parser - debian/patches/CVE-2021-44970.patch: add test to prevent integer overflow in req_parsebody() - CVE-2021-44970 * SECURITY UPDATE: null pointer dereference in reverse proxy module - debian/patches/CVE-2021-44224.patch: add tests for return value of ap_proxy_de_socketfy() - CVE-2021-44224

Update

Update command: apt-get update apt-get --only-upgrade install apache*

Packages list

apache2_2.4.18-2ubuntu3.17+tuxcare.els3_amd64.deb apache2-bin_2.4.18-2ubuntu3.17+tuxcare.els3_amd64.deb apache2-data_2.4.18-2ubuntu3.17+tuxcare.els3_all.deb apache2-dev_2.4.18-2ubuntu3.17+tuxcare.els3_amd64.deb apache2-doc_2.4.18-2ubuntu3.17+tuxcare.els3_all.deb apache2-suexec-custom_2.4.18-2ubuntu3.17+tuxcare.els3_amd64.deb apache2-suexec-pristine_2.4.18-2ubuntu3.17+tuxcare.els3_amd64.deb apache2-utils_2.4.18-2ubuntu3.17+tuxcare.els3_amd64.deb

CVEs

CVE-2021-44790
CVE-2021-44224