CLSA-2021-1635459129

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459129.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2021-1635459129

Upstream

CVE-2020-35452

CVE-2021-26690

CVE-2021-26691

CVE-2021-30641

Published

2021-10-28T22:12:09Z

Modified

2026-06-04T10:03:27.954632445Z

Summary

Fix CVE(s): CVE-2021-26690, CVE-2021-26691, CVE-2021-30641, CVE-2020-35452

Details

SECURITY UPDATE: Unexpected URL matching with 'MergeSlashes OFF'
- debian/patches/CVE-2021-30641.patch: legacy default slash-matching behavior with 'MergeSlashes OFF'.
- CVE-2021-30641
SECURITY UPDATE: heap overflow in mod_session
- debian/patches/CVE-2021-26691.patch: A specially crafted SessionHeader sent by an origin server could cause a heap overflow.
- CVE-2021-26691
SECURITY UPDATE: NULL pointer dereference in modsession
- debian/patches/CVE-2021-26690.patch: A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service.
- CVE-2021-26690
SECURITY UPDATE: modauthdigest possible stack overflow by one nul byte
- debian/patches/CVE-2020-35452.patch: A specially crafted Digest nonce can cause a stack overflow in modauthdigest.
- CVE-2020-35452

References

https://errata.cloudlinux.com/ubuntu16_04/CLSA-2021-1635459129

Affected packages

TuxCare:Ubuntu:16.04

apache2

Package

Name: apache2
Purl: pkg:deb/tuxcare/apache2?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.18-2ubuntu3.18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459129.json"

apache2-bin

Package

Name: apache2-bin
Purl: pkg:deb/tuxcare/apache2-bin?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.18-2ubuntu3.18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459129.json"

apache2-data

Package

Name: apache2-data
Purl: pkg:deb/tuxcare/apache2-data?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.18-2ubuntu3.18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459129.json"

apache2-dev

Package

Name: apache2-dev
Purl: pkg:deb/tuxcare/apache2-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.18-2ubuntu3.18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459129.json"

apache2-doc

Package

Name: apache2-doc
Purl: pkg:deb/tuxcare/apache2-doc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.18-2ubuntu3.18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459129.json"

apache2-suexec-custom

Package

Name: apache2-suexec-custom
Purl: pkg:deb/tuxcare/apache2-suexec-custom?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.18-2ubuntu3.18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459129.json"

apache2-suexec-pristine

Package

Name: apache2-suexec-pristine
Purl: pkg:deb/tuxcare/apache2-suexec-pristine?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.18-2ubuntu3.18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459129.json"

apache2-utils

Package

Name: apache2-utils
Purl: pkg:deb/tuxcare/apache2-utils?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.18-2ubuntu3.18

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1635459129.json"