-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4937-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 08, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : apache2 CVE ID : CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618 Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes option could result in unexpected behaviour. For the stable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u5. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDnMiAACgkQEMKTtsN8 TjbNqg/9Hrd2EqNC4ijkjHNI/B6K74GgElHVSNcF/vbOp0zmOHaRLaOr06rfXmz+ AYM9nJR4xNJQWaXKFXpCVNvmlaKKbgyiK1LFrslh4aOCVdaVxQIYlYEeOoHthc1K fZawY6qhGf4VrgSkTNhaKakNikpf4lqh7L14LUFSA0b9nRkAy7CtqGuOzgEaUR26 qRUjPewKCeE2QhMgA63ne+XxPUF4I2WYEV8SPdKRfPmMwFlUpwB8bvherjDV+53H ZRs81ZMHk05N1ESI2wYGSR/dh/xYqt/01cXJ636JR39AQR51beIVtxekzwTW/aPE mC2ZY7aH4rsLqcFe3bJcVPQjD0r/fHUVSex1Mnr7mETD5aHAohUfHLEEV1+qR8Cx gz8Z63k0KvmVNe7WetGzwsWnvOXnDdRr63qM0UqEkd3Tre0tLWXjmTUfdUcicAof NsXPtJT8eNwi+E9YmpY5IQRE88uQ2sk2NTGaQ4EetMpLqX5h7brF15OTVxqVbUPP sqAZpgz6lD2Y0P4tXGCYP3u+B48pcNqOS66JJNHO9gJgVu3O+MDQFss+Z5P5JKzI H/KJMv58eFlyP+SsGZbHcDuH/IN8ZMvJA4gsrtHDzRoowFBOS1zDXJjEYdAlzEyq B1SgwN1PXkxPDUAF2+z9dvAeEOrMUUhQhTOC4OnxFxPssSwHEps= =O0O+ -----END PGP SIGNATURE-----