Bug#1012553: bullseye-pu: package apache2/2.4.54-1~deb11u1
Control: tags -1 + confirmed
On Thu, 2022-06-09 at 09:16 +0200, Yadd wrote:
> Apache2 2.4.54 fixes several security issues:
> * moderate: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
>   Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
>   vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker
>   to smuggle requests to the AJP server it forwards requests to.
> * low: read beyond bounds in mod_isapi (CVE-2022-28330)
> * low: read beyond bounds via ap_rwrite() (CVE-2022-28614)
> * low: Read beyond bounds in ap_strcmp_match() (CVE-2022-28615)
> * low: Denial of service in mod_lua r:parsebody (CVE-2022-29404)
> * low: mod_sed denial of service (CVE-2022-30522)
> * low: Information Disclosure in mod_lua with websockets (CVE-2022-30556)
> * low: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
>   (CVE-2022-31813)
>
Please go ahead, bearing in mind that the window for getting uploads
into the 11.4 point release closes during this weekend.
Regards,
Adam