Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Debian: DLA-2907-1 Critical: Apache Denial Of Service & Buffer Overflow

debian lts
Calendar Grey February 1, 2022
Dist Debian Esm H88
Important update regarding security vulnerabilities found in the Apache HTTP server for Debian LTS users. It is strongly advised to perform an upgrade to secure your system.
Two vulnerabilities have been discovered in the Apache HTTP server: CVE-2021-44224
Topics%20covered

Topics Covered

security advisory denial of service buffer overflow debian apache2

Summary

CVE-2021-44224

When operating as a forward proxy, Apache was depending on the setup
suspectable to denial of service or Server Side Request forgery.

CVE-2021-44790

A buffer overflow in mod_lua may result in denial of service or potentially
the execution of arbitrary code.

For Debian 9 stretch, these problems have been fixed in version
2.4.25-3+deb9u12.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/apache2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: apache2
Version: 2.4.25-3+deb9u12
CVE ID: CVE-2021-44224 CVE-2021-44790

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow debian apache2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here