CLSA-2021-1635458969

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635458969.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2021-1635458969
Upstream
Published
2021-10-28T22:09:29Z
Modified
2026-06-04T10:03:57.053419935Z
Summary
Fix CVE(s): CVE-2021-40438, CVE-2021-34798, CVE-2021-39275
Details
  • SECURITY UPDATE: Buffer overflow with crafted input
    • debian/patches/CVE-2021-39275.patch:apescapequotes() may write beyond the end of a buffer when given malicious input
    • CVE-2021-39275
  • SECURITY UPDATE: Malformed requests may cause the server to dereference a NULL pointer
    • debian/patches/CVE-2021-34798.patch: prevent apincrementcounts() from pointer dereference without check
    • CVE-2021-34798
  • SECURITY UPDATE: A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
    • debian/patches/CVE-2021-40438.patch: add checks for the configured UDS path
    • CVE-2021-40438
References

Affected packages

TuxCare:Ubuntu:16.04
apache2

Package

Name
apache2
Purl
pkg:deb/tuxcare/apache2?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.18-2ubuntu3.19

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635458969.json"
apache2-bin

Package

Name
apache2-bin
Purl
pkg:deb/tuxcare/apache2-bin?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.18-2ubuntu3.19

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635458969.json"
apache2-data

Package

Name
apache2-data
Purl
pkg:deb/tuxcare/apache2-data?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.18-2ubuntu3.19

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635458969.json"
apache2-dev

Package

Name
apache2-dev
Purl
pkg:deb/tuxcare/apache2-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.18-2ubuntu3.19

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635458969.json"
apache2-doc

Package

Name
apache2-doc
Purl
pkg:deb/tuxcare/apache2-doc?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.18-2ubuntu3.19

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635458969.json"
apache2-suexec-custom

Package

Name
apache2-suexec-custom
Purl
pkg:deb/tuxcare/apache2-suexec-custom?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.18-2ubuntu3.19

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635458969.json"
apache2-suexec-pristine

Package

Name
apache2-suexec-pristine
Purl
pkg:deb/tuxcare/apache2-suexec-pristine?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.18-2ubuntu3.19

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635458969.json"
apache2-utils

Package

Name
apache2-utils
Purl
pkg:deb/tuxcare/apache2-utils?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.18-2ubuntu3.19

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635458969.json"