[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2907-1] apache2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2907-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
February 01, 2022                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : apache2
Version        : 2.4.25-3+deb9u12
CVE ID         : CVE-2021-44224 CVE-2021-44790

Two vulnerabilities have been discovered in the Apache HTTP server:

CVE-2021-44224

    When operating as a forward proxy, Apache was depending on the setup
    suspectable to denial of service or Server Side Request forgery.

CVE-2021-44790

    A buffer overflow in mod_lua may result in denial of service or potentially
    the execution of arbitrary code.

For Debian 9 stretch, these problems have been fixed in version
2.4.25-3+deb9u12.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apache2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmH5o6AACgkQ0+Fzg8+n
/waQSA//fTkCFFZZ/s0vp91MOaNIMjOh8TYgohRuYSlM6AN9Iq49L5mhFfrcXiD9
dG/oYNRHVw7cTgjIi2Uj3p+UCP/WmdfDPV4kyPAMSfeviJks0rlGE7qTvgFr11pL
OcJBe6tR2P/MrLJhQkV5ThgBZjHgQ31todCw7dnoVg2rip8oeeEiY1JbPUvo5gYg
3zXTENYKMf7yxGNkQEfSLOC80fCsUAxR+szqdfx0li4h6+3aI7gkufVszn2YpalQ
KEOJk7/0rvhdMIkZVaNVQERhyiiPVQ1meeX2aW6onhvmMp/JepkL30afVhcOSWbr
QQYSsYfj/NpjOIYLc8NCRUFdB0cPlRtTETOJTDk2dkBNrESztGPA1procz5RscAR
EuyPAqwDivd+SVhsXc0p6UPpEK24GB2mJTLQAdbw5I/4oREQNQIJ4Pttqtm/WurJ
ecOVZ1/CxbBr2/tUh56DTmXWTWvH714aAlcgpU+sJROz2/VBLFagpg/pxIAu9mM1
SY6GQYqEtfK7wl8lbn0lrVMh9bco+iNlCZB1amXcsSKKYFeUeHcDPjPvtMZIzg/c
l1hgE4D0t2LoEiCX7btPCWvmAyP3j+XMqsnKbH9NHL2fQcIZgq0B+nc2m4TThmI1
hY8BT2ltvJn+aFGNaD2lgpffzSQ7eZmR+mP4mqE2m/wQDKDIuTs=
=BHJi
-----END PGP SIGNATURE-----


Reply to: