it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5729-1] apache2 security update

From: Salvatore Bonaccorso <carnil AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5729-1] apache2 security update
Date: Thu, 11 Jul 2024 19:40:55 +0000
List-archive: https://lists.debian.org/msgid-search/E1sRzex-0038Lt-RX AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=Asvebv2WSdcIE9ikBS4PkstrSxWfHkC0yKXCmSmzGhM=; b=qW TlgoZ6R4uprGkg7GEmYdK/uH993PlDA7Tt28Tc99L1ln9uOvFQFhg1P6UT29FnhtJUHX0qrunh6EG RbciCD9vSWLIyGuh6Hrv7SDrnm6U/FYo2A4ElFMRkUHw7Te2si5aGfUhdJ1AZJ5XwL8m//EalWdb+ 8FTonDbEQCSO8povvDqcoJEjSyxd1Ru2uc1IwVJoceMW0tKteY3Ja1GzaZniTCp+TWpubx9pB+6DX RlGYrdv/D8c8XLBRfVDOtvdhXhlDZpKqyAfjpY43E011U4LS0hAtLU3Ukc9Acu9Ab1lf3FyJJVRcS GQjSiRqBtymuJYXhL2fQvc4YPmyvgFlg==;
Old-return-path: <carnil AT seger.debian.org>
Priority: urgent
Resent-date: Thu, 11 Jul 2024 19:41:18 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <YE6xOQFKnfL.A.dV2L.eVDkmB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5729-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 11, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2024-36387 CVE-2024-38473 CVE-2024-38474 CVE-2024-38475
CVE-2024-38476 CVE-2024-38477 CVE-2024-39573

Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in authentication bypass, execution of scripts in
directories not directly reachable by any URL, server-side request
forgery or denial of service.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.4.61-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 2.4.61-1~deb12u1.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/apache2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmaQNRxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SZZxAAoEqC3wBFMdy9K6ZiNYlNYX/jnQEI8lvwTJJIivK19FZfA+/Tqjn94EUl
zkG0MOkwU4KhuCKliFtUDQpTF0U7+BxTnJaCdjIXbSHJirrwQJpfH9urESpHoHx+
GD4eN7XL9zb3XIYSToX1rwcCiz5/Mh96+q8e1IF7mTEYcozZdrgLVGWDk7sCu/E9
MeXgUTn1nZPcNmWlky6yfeSdt8coywMUUJU9AXnb4znW2jA75M+38XajINHyRjuy
iuxSVqwBmBFUMOpMf7mm+0KsMfg7DGX230wHszWi8QNNLsjUDpDx/wxuwVvAgw6E
Kxk3OPbQ2o3zweyYS4BIypswBhyFM/UP4imnJ65dY+eFMYNy1gpXLKrU4ufr9ZwZ
u/dbRglC7Lno9/6+a6y/KU7iSVeGJS59Bj0k8jMsnj10QjMLOQYOEeK80GHzsDdf
87fr8zVwYgkXngM3xfaGeYYziVn88xTTGp/WGo6Rrv/jAU0MLFXQnMvzKTk4wwGN
sHH+wOTKlLWcpzPWOGPyIIxdA3fUqZMnqGLnq2NUDnjvAYJEmfrfp7b03sXRyXKx
hQhBYL3yADm6Iabax5A/65XZQFKF6yIVAzfAbIUd4ZMMsSCrDBw8bKsfucVRu/YZ
aw/5A9G6s8vumlbuLPTHoeJEAhBlefrVEkD26DPoTa455VLWnrI=
=w/tp
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5729-1] apache2 security update, Salvatore Bonaccorso, 11.07.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.