-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2348
                          apache2 security update
                               12 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           apache2
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Denial of Service               -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Remote/Unauthenticated      
                   Access Confidential Data        -- Remote/Unauthenticated      
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-31618 CVE-2021-30641 CVE-2021-26691
                   CVE-2021-26690 CVE-2020-35452 CVE-2020-1934
                   CVE-2020-1927  

Reference:         ASB-2021.0086
                   ESB-2021.2341
                   ESB-2021.2260.2
                   ESB-2021.2253
                   ESB-2021.2229

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2706

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2706-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
July 09, 2021                                 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : apache2
Version        : 2.4.25-3+deb9u10
CVE ID         : CVE-2020-1927 CVE-2020-1934 CVE-2020-35452 CVE-2021-26690 
                 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618

Several vulnerabilities have been found in the Apache HTTP server, which
could result in denial of service. In addition the implementation of
the MergeSlashes option could result in unexpected behaviour.

For Debian 9 stretch, these problems have been fixed in version
2.4.25-3+deb9u10.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apache2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----