Package "apache2-utils"

Name:	apache2-utils
Description:	Apache HTTP Server (utility programs for web servers)
Latest version:	2.4.52-1ubuntu4.12
Release:	jammy (22.04)
Level:	updates
Repository:	main
Head package:	apache2
Homepage:	https://httpd.apache.org/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "apache2-utils"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "apache2-utils" in Jammy

Repository	Area	Version
base	main	2.4.52-1ubuntu4
security	main	2.4.52-1ubuntu4.12
proposed	main	2.4.52-1ubuntu4.13

Changelog

Version: 2.4.52-1ubuntu4.7 2023-11-22 17:07:04 UTC

Version: 2.4.52-1ubuntu4.7	2023-11-22 17:07:04 UTC
apache2 (2.4.52-1ubuntu4.7) jammy-security; urgency=medium * SECURITY UPDATE: mod_macro buffer over-read - debian/patches/CVE-2023-31122.patch: fix length in modules/core/mod_macro.c. - CVE-2023-31122 * SECURITY UPDATE: Multiple issues in HTTP/2 - CVE-2023-43622: DoS in HTTP/2 with initial windows size 0 - CVE-2023-45802: HTTP/2 stream memory not reclaimed right away on RST - debian/patches/update_http2.patch: backport version 2.0.22 of mod_http2 from httpd 2.4.58. - CVE-2023-43622 - CVE-2023-45802 -- Marc Deslauriers <email address hidden> Thu, 26 Oct 2023 09:44:44 -0400
Source diff to previous version

apache2 (2.4.52-1ubuntu4.7) jammy-security; urgency=medium * SECURITY UPDATE: mod_macro buffer over-read - debian/patches/CVE-2023-31122.patch: fix length in modules/core/mod_macro.c. - CVE-2023-31122 * SECURITY UPDATE: Multiple issues in HTTP/2 - CVE-2023-43622: DoS in HTTP/2 with initial windows size 0 - CVE-2023-45802: HTTP/2 stream memory not reclaimed right away on RST - debian/patches/update_http2.patch: backport version 2.0.22 of mod_http2 from httpd 2.4.58. - CVE-2023-43622 - CVE-2023-45802 -- Marc Deslauriers <email address hidden> Thu, 26 Oct 2023 09:44:44 -0400

Source diff to previous version

Version: 2.4.52-1ubuntu4.6 2023-08-02 14:07:16 UTC

apache2 (2.4.52-1ubuntu4.6) jammy; urgency=medium * d/p/reenable-workers-in-standard-error-state-jammy-apache2.patch: fix issue with workers in apache2 which could not recover from its error state (LP: #2003189) -- Michal Maloszewski <email address hidden> Wed, 03 May 2023 22:02:51 +0200

Source diff to previous version

2003189

Passing health check does not recover worker from its error state

Version: 2.4.52-1ubuntu4.5 2023-04-27 15:11:16 UTC

apache2 (2.4.52-1ubuntu4.5) jammy; urgency=medium * d/p/mod_proxy_hcheck_jammy_fix_to_detect_support.patch: Fix issue where enabling mod_proxy_hcheck results in error (LP: #1998311) -- Michal Maloszewski <email address hidden> Wed, 01 Mar 2023 23:43:55 +0100

Source diff to previous version

1998311

mod_proxy_hcheck does not detect AJP/CPING support

Version: 2.4.52-1ubuntu4.4 2023-03-09 17:07:02 UTC

apache2 (2.4.52-1ubuntu4.4) jammy-security; urgency=medium * SECURITY UPDATE: HTTP request splitting with mod_rewrite and mod_proxy - debian/patches/CVE-2023-25690-1.patch: don't forward invalid query strings in modules/http2/mod_proxy_http2.c, modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy_ajp.c, modules/proxy/mod_proxy_balancer.c, modules/proxy/mod_proxy_http.c, modules/proxy/mod_proxy_wstunnel.c. - debian/patches/CVE-2023-25690-2.patch: Fix missing APLOGNO in modules/http2/mod_proxy_http2.c. - CVE-2023-25690 * SECURITY UPDATE: mod_proxy_uwsgi HTTP response splitting - debian/patches/CVE-2023-27522.patch: stricter backend HTTP response parsing/validation in modules/proxy/mod_proxy_uwsgi.c. - CVE-2023-27522 -- Marc Deslauriers <email address hidden> Wed, 08 Mar 2023 12:32:01 -0500

Source diff to previous version

CVE-2023-25690	Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected
CVE-2023-27522	HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. S

Version: 2.4.52-1ubuntu4.3 2023-02-01 16:09:35 UTC

apache2 (2.4.52-1ubuntu4.3) jammy-security; urgency=medium * SECURITY UPDATE: DoS via crafted If header in mod_dav - debian/patches/CVE-2006-20001.patch: fix error path for "Not" prefix parsing in modules/dav/main/util.c. - CVE-2006-20001 * SECURITY UPDATE: request smuggling in mod_proxy_ajp - debian/patches/CVE-2022-36760.patch: cleanup on error in modules/proxy/mod_proxy_ajp.c. - CVE-2022-36760 * SECURITY UPDATE: response header truncation issue - debian/patches/CVE-2022-37436.patch: fail on bad header in modules/proxy/mod_proxy_http.c, server/protocol.c. - CVE-2022-37436 -- Marc Deslauriers <email address hidden> Mon, 23 Jan 2023 13:34:42 -0500

CVE-2006-20001	A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header va
CVE-2022-36760	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to sm
CVE-2022-37436	Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorpo

About - Send Feedback to @ubuntu_updates

Package "apache2-utils"

Links

Download "apache2-utils"

Other versions of "apache2-utils" in Jammy

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

PPA updates