
Bug#1012553: bullseye-pu: package apache2/2.4.54-1~deb11u1



Control: tags -1 + confirmed

On Thu, 2022-06-09 at 09:16 +0200, Yadd wrote:
> Apache2 2.4.54 fixes several security issues:
>  * moderate: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
>    Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
>    vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker
>    to smuggle requests to the AJP server it forwards requests to.
>  * low: read beyond bounds in mod_isapi (CVE-2022-28330)
>  * low: read beyond bounds via ap_rwrite() (CVE-2022-28614)
>  * low: Read beyond bounds in ap_strcmp_match() (CVE-2022-28615)
>  * low: Denial of service in mod_lua r:parsebody (CVE-2022-29404)
>  * low: mod_sed denial of service (CVE-2022-30522)
>  * low: Information Disclosure in mod_lua with websockets (CVE-2022-30556)
>  * low: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
> 

Please go ahead, bearing in mind that the window for getting uploads
into the 11.4 point release closes during this weekend.

Regards,

Adam

