Format: 1.8
Date: Thu, 18 Apr 2024 11:13:41 -0400
Source: apache2
Built-For-Profiles: noudeb
Architecture: source
Version: 2.4.58-1ubuntu8.1
Distribution: noble-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Changes:
 apache2 (2.4.58-1ubuntu8.1) noble-security; urgency=medium
 .
   * SECURITY UPDATE: HTTP response splitting
     - debian/patches/CVE-2023-38709.patch: header validation after
       content-* are eval'ed in modules/http/http_filters.c.
     - CVE-2023-38709
   * SECURITY UPDATE: HTTP Response Splitting in multiple modules
     - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for
       non-http handlers in include/util_script.h,
       modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c,
       modules/generators/mod_cgid.c, modules/http/http_filters.c,
       modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c,
       modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c.
     - CVE-2024-24795
   * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless
     continuation frames
     - debian/patches/CVE-2024-27316.patch: bail after too many failed reads
       in modules/http2/h2_session.c, modules/http2/h2_stream.c,
       modules/http2/h2_stream.h.
     - CVE-2024-27316
Checksums-Sha1:
 df7fb222833a1250bff64494e02df4dfe4231a7c 3356 apache2_2.4.58-1ubuntu8.1.dsc
 1f8ce690d5501f352bbc55eab3a24da036744c2c 923724 apache2_2.4.58-1ubuntu8.1.debian.tar.xz
 d274d783965d3034fc46f8f369bd9423d9b4423a 8982 apache2_2.4.58-1ubuntu8.1_source.buildinfo
Checksums-Sha256:
 27038e9da445d8bb141f6cda12fdb57afbb2bc1b7e8f3498056b1ce2692f0632 3356 apache2_2.4.58-1ubuntu8.1.dsc
 f4d49109b36b0637f17e3e3b68d4b1e3ff358e52a27970e55a4edc382d774374 923724 apache2_2.4.58-1ubuntu8.1.debian.tar.xz
 91884bd7ecb0747cfc04111f80474a1df50aaf028e3f81227f1ae355fbd433e0 8982 apache2_2.4.58-1ubuntu8.1_source.buildinfo
Files:
 9a7cdcbd1491075142ff488eabd659a1 3356 httpd optional apache2_2.4.58-1ubuntu8.1.dsc
 e4a7c0dddf275b975e4eff4452e831ce 923724 httpd optional apache2_2.4.58-1ubuntu8.1.debian.tar.xz
 0a2672aca03af9d527f9ca3230b7af46 8982 httpd optional apache2_2.4.58-1ubuntu8.1_source.buildinfo
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>