UBUNTU 16.04 ELS: apache2 package with the fixes for CVE-2021-30641, CVE-2021-26691, CVE-2021-26690, CVE-2020-35452 released
A new updated apache2 package with the fixes for CVE-2021-30641, CVE-2021-26691, CVE-2021-26690, CVE-2020-35452 within Ubuntu 16.04 ELS is now available for download from our production repository.
CHANGELOG
apache2-2.4.18-2ubuntu3.18
- Fix unexpected URL matching with ‘MergeSlashes OFF’ (CVE-2021-30641)
- Fix heap overflow in mod_session (CVE-2021-26691)
- Fix NULL pointer dereference in mod_session (CVE-2021-26690)
- Fix mod_auth_digest possible stack overflow by one null byte (CVE-2020-35452)
UPDATE COMMAND
apt-get update apt-get --only-upgrade install apache2*