it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4937-1] apache2 security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 4937-1] apache2 security update
Date: Thu, 8 Jul 2021 17:14:14 +0000
Authentication-results: mail02.piratenpartei.de; dkim=none; spf=none (mail02.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/20210708171414.GA25863 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=CRRt4VrfZcH8XLW4cbEYhIzgF6nTVEWfn4A75B5gERs=; b=BI fJ3AKufcHkun/fWfDkp5oR1p+W1sQYQ0hSdw4zYg51i65yjtzJ/3K9p16gQOxNh6gtKX5XuHWVHmq KvQg0i0TCh4xUVdHnls6yYlYHKDoTmf+gyQlaQ3r6DMy8XpY4nxpxlWx4Gcokmj2nhUuD/aGmmNDs iOwWAcpRJgsjCkERrGp0jHcAn1BUkjc1S77NNxihFdQ2P9AV5sMwL4aKZ6yBunIxOKzc4zXdFkhqg wjSqaCnAtH+X6jlnsYtlKheDXgd12eWL62rA/M+irlRGR7SabHGmX+kiOQFgxw+kPWdU8eOSuJLwV gvBfTEVmFFDIuhb4re1QV7gkY/7F2yZw==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Thu, 8 Jul 2021 17:14:35 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <FHlK2SZP41C.A.M6B.7Jz5gB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4937-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 08, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641
CVE-2021-31618

Several vulnerabilities have been found in the Apache HTTP server, which
could result in denial of service. In addition the implementation of
the MergeSlashes option could result in unexpected behaviour.

For the stable distribution (buster), these problems have been fixed in
version 2.4.38-3+deb10u5.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apache2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDnMiAACgkQEMKTtsN8
TjbNqg/9Hrd2EqNC4ijkjHNI/B6K74GgElHVSNcF/vbOp0zmOHaRLaOr06rfXmz+
AYM9nJR4xNJQWaXKFXpCVNvmlaKKbgyiK1LFrslh4aOCVdaVxQIYlYEeOoHthc1K
fZawY6qhGf4VrgSkTNhaKakNikpf4lqh7L14LUFSA0b9nRkAy7CtqGuOzgEaUR26
qRUjPewKCeE2QhMgA63ne+XxPUF4I2WYEV8SPdKRfPmMwFlUpwB8bvherjDV+53H
ZRs81ZMHk05N1ESI2wYGSR/dh/xYqt/01cXJ636JR39AQR51beIVtxekzwTW/aPE
mC2ZY7aH4rsLqcFe3bJcVPQjD0r/fHUVSex1Mnr7mETD5aHAohUfHLEEV1+qR8Cx
gz8Z63k0KvmVNe7WetGzwsWnvOXnDdRr63qM0UqEkd3Tre0tLWXjmTUfdUcicAof
NsXPtJT8eNwi+E9YmpY5IQRE88uQ2sk2NTGaQ4EetMpLqX5h7brF15OTVxqVbUPP
sqAZpgz6lD2Y0P4tXGCYP3u+B48pcNqOS66JJNHO9gJgVu3O+MDQFss+Z5P5JKzI
H/KJMv58eFlyP+SsGZbHcDuH/IN8ZMvJA4gsrtHDzRoowFBOS1zDXJjEYdAlzEyq
B1SgwN1PXkxPDUAF2+z9dvAeEOrMUUhQhTOC4OnxFxPssSwHEps=
=O0O+
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 4937-1] apache2 security update, Moritz Muehlenhoff, 08.07.2021

Archiv bereitgestellt durch MHonArc 2.6.24.