Univention Bugzilla – Bug 53894
apache2: Multiple issues (5.0)
Last modified: 2021-10-14 12:37:23 CEST
New Debian apache2 2.4.38-3+deb10u6 fixes: This update addresses the following issues: * NULL pointer dereference via malformed requests (CVE-2021-34798) * mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160) * out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275) * mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)
--- mirror/ftp/pool/main/a/apache2/apache2_2.4.38-3+deb10u5A~5.0.0.202107120954.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/apache2_2.4.38-3+deb10u6.dsc @@ -1,7 +1,12 @@ -2.4.38-3+deb10u5A~5.0.0.202107120954 [Mon, 12 Jul 2021 09:54:54 +0200] Univention builddaemon <buildd@univention.de>: +2.4.38-3+deb10u6 [Thu, 30 Sep 2021 05:50:49 +0200] Yadd <yadd@debian.org>: - * UCS auto build. The following patches have been applied to the original source package - 20-no-proxy + [ Yadd, Moritz Muehlenhoff ] + * Initialize the request fields on read failure to avoid NULLs + (Closes: CVE-2021-34798) + * mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker + (Closes: CVE-2021-36160) + * Fix ap_escape_quotes with pre-escaped quotes (Closes: CVE-2021-39275) + * Sanity checks on the configured UDS path (Closes: CVE-2021-40438) 2.4.38-3+deb10u5 [Thu, 10 Jun 2021 12:13:06 +0200] Yadd <yadd@debian.org>: <http://piuparts.knut.univention.de/5.0-0/#5462403678322729079>
REOPEN: Missing patch 20-no-proxy
Package: apache2 Version: 2.4.38-3+deb10u6A~5.0.0.202110130658 Branch: ucs_5.0-0 Scope: errata5.0-0
--- mirror/ftp/pool/main/a/apache2/apache2_2.4.38-3+deb10u5A~5.0.0.202107120954.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/apache2_2.4.38-3+deb10u6A~5.0.0.202110130658.dsc @@ -1,7 +1,17 @@ -2.4.38-3+deb10u5A~5.0.0.202107120954 [Mon, 12 Jul 2021 09:54:54 +0200] Univention builddaemon <buildd@univention.de>: +2.4.38-3+deb10u6A~5.0.0.202110130658 [Wed, 13 Oct 2021 06:58:04 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 20-no-proxy + +2.4.38-3+deb10u6 [Thu, 30 Sep 2021 05:50:49 +0200] Yadd <yadd@debian.org>: + + [ Yadd, Moritz Muehlenhoff ] + * Initialize the request fields on read failure to avoid NULLs + (Closes: CVE-2021-34798) + * mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker + (Closes: CVE-2021-36160) + * Fix ap_escape_quotes with pre-escaped quotes (Closes: CVE-2021-39275) + * Sanity checks on the configured UDS path (Closes: CVE-2021-40438) 2.4.38-3+deb10u5 [Thu, 10 Jun 2021 12:13:06 +0200] Yadd <yadd@debian.org>: <http://piuparts.knut.univention.de/5.0-0/#6049288803626639878>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-0] 377c1a445d Bug #53894: apache2 2.4.38-3+deb10u6A~5.0.0.202110130658 doc/errata/staging/apache2.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [5.0-0] 6ac0face34 Bug #53894: apache2 2.4.38-3+deb10u6 doc/errata/staging/apache2.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [5.0-0] bd1c42338d Bug #53894: apache2 2.4.38-3+deb10u6 doc/errata/staging/apache2.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x117>
(In reply to Julia Bremer from comment #6) > <https://errata.software-univention.de/#/?erratum=5.0x117> Possible regression with `ProxyPass`: <https://bz.apache.org/bugzilla/show_bug.cgi?id=65616> respectively <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995368#48> At least 'mailman3-web' is affected <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996105>