Univention Bugzilla – Bug 53865
apache2: Multiple issues (4.4)
Last modified: 2021-10-06 17:05:52 CEST
New Debian apache2 2.4.25-3+deb9u11A~4.4.8.202110040913 fixes:

This update addresses the following issues:
* NULL pointer dereference via malformed requests (CVE-2021-34798)
* out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
* mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/apache2_2.4.25-3+deb9u10A~4.4.8.202107120934.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/apache2_2.4.25-3+deb9u11A~4.4.8.202110040913.dsc @@ -1,9 +1,20 @@ -2.4.25-3+deb9u10A~4.4.8.202107120934 [Mon, 12 Jul 2021 09:42:18 +0200] Univention builddaemon <buildd@univention.de>: +2.4.25-3+deb9u11A~4.4.8.202110040913 [Mon, 04 Oct 2021 09:22:08 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 05-autostart-setting 10-apache2-reload 20-no-proxy + +2.4.25-3+deb9u11 [Sat, 02 Oct 2021 15:27:55 +0200] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2021-34798: malformed requests may cause the server to dereference + a NULL pointer. + * CVE-2021-39275: ap_escape_quotes() may write beyond the end of a + buffer when given malicious input. No included modules pass untrusted + data to these functions, but third-party / external modules may. + * CVE-2021-40438: a crafted request uri-path can cause mod_proxy to + forward the request to an origin server choosen by the remote user. 2.4.25-3+deb9u10 [Fri, 09 Jul 2021 10:12:34 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: <http://piuparts.knut.univention.de/4.4-8/#6919747816611873319>
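Review bot: in the added 2.4.25-3+deb9u11 changelog entry, the CVE-2021-39275 item says "these functions" although it names only ap_escape_quotes(), so a reader cannot tell which other functions are covered; either list them or use the singular. In the CVE-2021-40438 item, "choosen" should be "chosen", and the text describes the effect (mod_proxy forwarding the request to an origin server picked by the remote user) without saying what kind of uri-path triggers it, which leaves operators nothing to match against when reviewing proxy logs. The caveat that third-party / external modules may pass untrusted data is the line operators with extra modules loaded need, so it should stay prominent. The unchanged context still lists the same three applied patches (05-autostart-setting, 10-apache2-reload, 20-no-proxy), so this rebuild adds nothing locally on top of the Debian upload.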
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] 28f5d22dfb Bug #53865: apache2 2.4.25-3+deb9u11A~4.4.8.202110040913
 doc/errata/staging/apache2.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1061>