Release Info

Advisory: CLSA-2022:1648136327

OS: Ubuntu 16.04 ELS

Public date: 2022-03-24 00:00:00

Project: apache2

Version: 1:2.4.18-2ubuntu3.17+tuxcare.els4

Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2022-1648136327.html

Changelog

  * SECURITY UPDATE: mod_lua Use of uninitialized value of in r:parsebody
    - debian/patches/CVE-2022-22719.patch: refactor lua_read_body() in order to catch all possible errors
    - CVE-2022-22719
  * SECURITY UPDATE: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
    - debian/patches/CVE-2022-22720.patch: simpler connection close logic if discarding the request body fails
    - CVE-2022-22720
  * SECURITY UPDATE: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
    - debian/patches/CVE-2022-22721.patch: make sure and check that LimitXMLRequestBody fits in system memory
    - CVE-2022-22721
  * SECURITY UPDATE: mod_sed: Read/write beyond bounds
    - debian/patches/CVE-2022-23943.patch: use size_t to allow for larger buffer sizes and unsigned arithmetics and refactor logic flow of sed_write_output()
    - CVE-2022-23943

apache2 (1:2.4.18-2ubuntu3.17+tuxcare.els3) xenial-security; urgency=medium

Update

Update command:

    apt-get update
    apt-get --only-upgrade install apache*

Packages list

apache2_2.4.18-2ubuntu3.17+tuxcare.els4_amd64.deb
apache2-bin_2.4.18-2ubuntu3.17+tuxcare.els4_amd64.deb
apache2-data_2.4.18-2ubuntu3.17+tuxcare.els4_all.deb
apache2-dev_2.4.18-2ubuntu3.17+tuxcare.els4_amd64.deb
apache2-doc_2.4.18-2ubuntu3.17+tuxcare.els4_all.deb
apache2-suexec-custom_2.4.18-2ubuntu3.17+tuxcare.els4_amd64.deb
apache2-suexec-pristine_2.4.18-2ubuntu3.17+tuxcare.els4_amd64.deb
apache2-utils_2.4.18-2ubuntu3.17+tuxcare.els4_amd64.deb

CVEs

CVE-2022-22721
CVE-2022-23943
CVE-2022-22720
CVE-2022-22719