Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Debian: DSA-5040-1 High: Nginx Denial of Service and Memory Leak

debian
Calendar Grey January 4, 2022
Debian Logo
Recent security issues identified in Apache HTTP server could lead to Denial of Service (DoS) and remote code execution. Debian users should prioritize upgrading their systems.
Two vulnerabilities have been discovered in the Apache HTTP server: CVE-2021-44224

Summary

Two vulnerabilities have been discovered in the Apache HTTP server:

CVE-2021-44224

When operating as a forward proxy, Apache was depending on the setup
suspectible to denial of service or Server Side Request forgery.

CVE-2021-44790

A buffer overflow in mod_lua may result in denial of service or
potentially the execution of arbitrary code.

For the oldstable distribution (buster), these problems have been fixed
in version 2.4.38-3+deb10u7.

For the stable distribution (bullseye), these problems have been fixed in
version 2.4.52-1~deb11u2.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/apache2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Package: apache2
CVE ID: CVE-2021-44224 CVE-2021-44790

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.