[SECURITY] [DSA 5376-1] apache2 security update

2023-03-2018:52:17

lists.debian.org

apache http server

http response splitting

denial of service

cve-2006-20001

cve-2022-36760

cve-2022-37436

cve-2023-25690

cve-2023-27522

debian security advisory

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

Low

EPSS

0.023

Percentile

90.0%

JSON

Debian Security Advisory DSA-5376-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2023 https://www.debian.org/security/faq

Package : apache2
CVE ID : CVE-2006-20001 CVE-2022-36760 CVE-2022-37436 CVE-2023-25690
CVE-2023-27522

Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in HTTP response splitting or denial of service.

For the stable distribution (bullseye), these problems have been fixed in
version 2.4.56-1~deb11u1.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apache2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10arm64apache2-ssl-dev< 2.4.38-3+deb10u9apache2-ssl-dev_2.4.38-3+deb10u9_arm64.deb
Debian10armhflibapache2-mod-md< 2.4.38-3+deb10u9libapache2-mod-md_2.4.38-3+deb10u9_armhf.deb
Debian10armhfapache2-bin-dbgsym< 2.4.38-3+deb10u10apache2-bin-dbgsym_2.4.38-3+deb10u10_armhf.deb
Debian10allapache2-doc< 2.4.38-3+deb10u9apache2-doc_2.4.38-3+deb10u9_all.deb
Debian11s390xapache2-suexec-pristine-dbgsym< 2.4.56-1~deb11u1apache2-suexec-pristine-dbgsym_2.4.56-1~deb11u1_s390x.deb
Debian10arm64apache2-suexec-pristine< 2.4.38-3+deb10u9apache2-suexec-pristine_2.4.38-3+deb10u9_arm64.deb
Debian11armelapache2-utils< 2.4.56-1~deb11u1apache2-utils_2.4.56-1~deb11u1_armel.deb
Debian10armhfapache2-suexec-custom-dbgsym< 2.4.38-3+deb10u10apache2-suexec-custom-dbgsym_2.4.38-3+deb10u10_armhf.deb
Debian10i386apache2-ssl-dev< 2.4.38-3+deb10u9apache2-ssl-dev_2.4.38-3+deb10u9_i386.deb
Debian11mipselapache2-suexec-pristine-dbgsym< 2.4.56-1~deb11u1apache2-suexec-pristine-dbgsym_2.4.56-1~deb11u1_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	arm64	apache2-ssl-dev	< 2.4.38-3+deb10u9	apache2-ssl-dev_2.4.38-3+deb10u9_arm64.deb
Debian	10	armhf	libapache2-mod-md	< 2.4.38-3+deb10u9	libapache2-mod-md_2.4.38-3+deb10u9_armhf.deb
Debian	10	armhf	apache2-bin-dbgsym	< 2.4.38-3+deb10u10	apache2-bin-dbgsym_2.4.38-3+deb10u10_armhf.deb
Debian	10	all	apache2-doc	< 2.4.38-3+deb10u9	apache2-doc_2.4.38-3+deb10u9_all.deb
Debian	11	s390x	apache2-suexec-pristine-dbgsym	< 2.4.56-1~deb11u1	apache2-suexec-pristine-dbgsym_2.4.56-1~deb11u1_s390x.deb
Debian	10	arm64	apache2-suexec-pristine	< 2.4.38-3+deb10u9	apache2-suexec-pristine_2.4.38-3+deb10u9_arm64.deb
Debian	11	armel	apache2-utils	< 2.4.56-1~deb11u1	apache2-utils_2.4.56-1~deb11u1_armel.deb
Debian	10	armhf	apache2-suexec-custom-dbgsym	< 2.4.38-3+deb10u10	apache2-suexec-custom-dbgsym_2.4.38-3+deb10u10_armhf.deb
Debian	10	i386	apache2-ssl-dev	< 2.4.38-3+deb10u9	apache2-ssl-dev_2.4.38-3+deb10u9_i386.deb
Debian	11	mipsel	apache2-suexec-pristine-dbgsym	< 2.4.56-1~deb11u1	apache2-suexec-pristine-dbgsym_2.4.56-1~deb11u1_mipsel.deb