Package "libapache2-mod-md"

Name:	libapache2-mod-md
Description:	transitional package
Latest version:	2.4.58-1ubuntu8.5
Release:	noble (24.04)
Level:	updates
Repository:	universe
Head package:	apache2
Homepage:	https://httpd.apache.org/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "libapache2-mod-md"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "libapache2-mod-md" in Noble

Repository	Area	Version
base	universe	2.4.58-1ubuntu8
security	universe	2.4.58-1ubuntu8.4
proposed	universe	2.4.58-1ubuntu8.5

Changelog

Version: 2.4.58-1ubuntu8.5	2024-11-14 22:06:48 UTC
`apache2 (2.4.58-1ubuntu8.5) noble; urgency=medium * SRU: LP: #2083480: No-change rebuild to disable frame pointers on ppc64el and s390x. -- Matthias Klose <email address hidden> Wed, 02 Oct 2024 14:40:51 +0200`
Source diff to previous version

Version: 2.4.58-1ubuntu8.4	2024-07-18 16:07:12 UTC
`apache2 (2.4.58-1ubuntu8.4) noble-security; urgency=medium * SECURITY UPDATE: source code disclosure with handlers configured via AddType - debian/patches/CVE-2024-40725.patch: copy the trusted flag from the subrequest in modules/http/http_request.c. - CVE-2024-40725 -- Marc Deslauriers <email address hidden> Wed, 17 Jul 2024 14:55:23 -0400`
Source diff to previous version

Version: 2.4.58-1ubuntu8.3 2024-07-11 23:07:22 UTC

apache2 (2.4.58-1ubuntu8.3) noble-security; urgency=medium * SECURITY REGRESSION: regression when proxying http2 (LP: #2072648) - debian/patches/CVE-2024-38477-2.patch: restart from the original URL on reconnect in modules/http2/mod_proxy_http2.c. -- Marc Deslauriers <email address hidden> Thu, 11 Jul 2024 10:41:54 -0400

Source diff to previous version

2072648	Regression in Apache 2.4.52-1ubuntu4.10 causes intermittent errors in mod_proxy_http2 backend
CVE-2024-38477	null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users

Version: 2.4.58-1ubuntu8.2 2024-07-08 20:07:33 UTC

apache2 (2.4.58-1ubuntu8.2) noble-security; urgency=medium * SECURITY UPDATE: null pointer dereference when serving WebSocket protocol upgrades over a HTTP/2 - debian/patches/CVE-2024-36387.patch: early exit if bb is null in modules/http2/h2_c2.c. - CVE-2024-36387 * SECURITY UPDATE: encoding problem in mod_proxy - debian/patches/CVE-2024-38473-1.patch: escape for non-proxypass configuration in modules/proxy/mod_proxy.c. - debian/patches/CVE-2024-38473-2.patch: fixup UDS filename for mod_proxy called through r->handler in modules/proxy/mod_proxy.c, modules/proxy/mod_proxy.h, modules/proxy/proxy_util.c. - debian/patches/CVE-2024-38473-3.patch: block inadvertent subst of special filenames in modules/mappers/mod_rewrite.c. - debian/patches/CVE-2024-38473-4.patch: fix comparison of local path on Windows in modules/mappers/mod_rewrite.c. - debian/patches/CVE-2024-38473-5.patch: factor out IS_SLASH, perdir fix in include/httpd.h, modules/mappers/mod_rewrite.c, server/util.c. - CVE-2024-38473 * SECURITY UPDATE: Substitution encoding issue in mod_rewrite - debian/patches/CVE-2024-38474_5.patch: tighten up prefix_stat and %3f handling in modules/mappers/mod_rewrite.c. - CVE-2024-38474 * SECURITY UPDATE: Improper escaping of output in mod_rewrite - Included in CVE-2024-38474_5.patch. - CVE-2024-38475 * SECURITY UPDATE: information disclosure, SSRF or local script execution - debian/patches/CVE-2024-38476.patch: add ap_set_content_type_ex to differentiate trusted sources in include/http_protocol.h, include/httpd.h, modules/http/http_protocol.c, modules/http/mod_mime.c, modules/mappers/mod_actions.c, modules/mappers/mod_negotiation.c, modules/mappers/mod_rewrite.c, modules/metadata/mod_headers.c, modules/metadata/mod_mime_magic.c, server/config.c, server/core.c. - CVE-2024-38476 * SECURITY UPDATE: null pointer dereference in mod_proxy - debian/patches/CVE-2024-38477.patch: validate hostname in modules/proxy/proxy_util.c. - CVE-2024-38477 * SECURITY UPDATE: Potential SSRF in mod_rewrite - Fixed by patches in previous CVEs. - CVE-2024-39573 * SECURITY UPDATE: source code disclosure with handlers configured via AddType - debian/patches/CVE-2024-39884.patch: maintain trusted flag in modules/cluster/mod_heartmonitor.c, modules/dav/main/mod_dav.c, modules/examples/mod_example_hooks.c, modules/filters/mod_data.c, modules/filters/mod_include.c, modules/filters/mod_proxy_html.c, modules/generators/mod_cgi.c, modules/generators/mod_cgid.c, modules/generators/mod_info.c, modules/generators/mod_status.c, modules/http/http_filters.c, modules/http/http_protocol.c, modules/http/http_request.c, modules/ldap/util_ldap.c, modules/mappers/mod_imagemap.c, modules/proxy/mod_proxy_balancer.c. - CVE-2024-39884 -- Marc Deslauriers <email address hidden> Thu, 04 Jul 2024 07:15:14 -0400

Source diff to previous version

CVE-2024-36387	Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, de
CVE-2024-38473	Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, po
CVE-2024-38474	Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by th
CVE-2024-38475	Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are p
CVE-2024-38476	Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend a
CVE-2024-38477	null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users
CVE-2024-39573	Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to
CVE-2024-39884	A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and si

Version: 2.4.58-1ubuntu8.1 2024-04-29 14:07:10 UTC

apache2 (2.4.58-1ubuntu8.1) noble-security; urgency=medium * SECURITY UPDATE: HTTP response splitting - debian/patches/CVE-2023-38709.patch: header validation after content-* are eval'ed in modules/http/http_filters.c. - CVE-2023-38709 * SECURITY UPDATE: HTTP Response Splitting in multiple modules - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http handlers in include/util_script.h, modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c, modules/generators/mod_cgid.c, modules/http/http_filters.c, modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c, modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c. - CVE-2024-24795 * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless continuation frames - debian/patches/CVE-2024-27316.patch: bail after too many failed reads in modules/http2/h2_session.c, modules/http2/h2_stream.c, modules/http2/h2_stream.h. - CVE-2024-27316 -- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 11:13:41 -0400

CVE-2023-38709	Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects
CVE-2024-24795	HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applicat
CVE-2024-27316	HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client do

About - Send Feedback to @ubuntu_updates

Package "libapache2-mod-md"

Links

Download "libapache2-mod-md"

Other versions of "libapache2-mod-md" in Noble

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

PPA updates