logo
DATABASE RESOURCES PRICING ABOUT US

apache2 - security update

Description

Two vulnerabilities have been discovered in the Apache HTTP server: * [CVE-2021-44224](https://security-tracker.debian.org/tracker/CVE-2021-44224) When operating as a forward proxy, Apache was depending on the setup suspectable to denial of service or Server Side Request forgery. * [CVE-2021-44790](https://security-tracker.debian.org/tracker/CVE-2021-44790) A buffer overflow in mod\_lua may result in denial of service or potentially the execution of arbitrary code. For Debian 9 stretch, these problems have been fixed in version 2.4.25-3+deb9u12. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: <https://security-tracker.debian.org/tracker/apache2> Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: <https://wiki.debian.org/LTS>


Affected Software


CPE Name Name Version
apache2 2.4.25-3
apache2 2.4.25-3+deb9u1
apache2 2.4.25-3+deb9u6
apache2 2.4.25-3+deb9u2
apache2 2.4.25-3+deb9u9
apache2 2.4.25-3+deb9u5
apache2 2.4.25-3+deb9u10
apache2 2.4.25-3+deb9u7
apache2 2.4.25-3+deb9u8
apache2 2.4.25-3+deb9u3
apache2 2.4.25-3+deb9u4
apache2 2.4.25-3+deb9u11

Related