CLSA-2022-1648136327

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1648136327.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2022-1648136327

Upstream

CVE-2022-22719

CVE-2022-22720

CVE-2022-22721

CVE-2022-23943

Published

2022-03-24T15:38:47Z

Modified

2026-06-04T10:04:06.711849142Z

Summary

Fix CVE(s): CVE-2022-23943, CVE-2022-22720, CVE-2022-22721, CVE-2022-22719

Details

SECURITY UPDATE: mod_lua Use of uninitialized value of in r:parsebody
- debian/patches/CVE-2022-22719.patch: refactor luareadbody() in order to catch all possible errors
- CVE-2022-22719
SECURITY UPDATE: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
- debian/patches/CVE-2022-22720.patch: simpler connection close logic if discarding the request body fails
- CVE-2022-22720
SECURITY UPDATE: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
- debian/patches/CVE-2022-22721.patch: make sure and check that LimitXMLRequestBody fits in system memory
- CVE-2022-22721
SECURITY UPDATE: modsed: Read/write beyond bounds
- debian/patches/CVE-2022-23943.patch: use sizet to allow for larger buffer sizes and unsigned arithmetics and refactor logic flow of sedwriteoutput()
- CVE-2022-23943 apache2 (1:2.4.18-2ubuntu3.17+tuxcare.els3) xenial-security; urgency=medium

References

https://errata.cloudlinux.com/ubuntu16_04/CLSA-2022-1648136327

Affected packages

TuxCare:Ubuntu:16.04

apache2

Package

Name: apache2
Purl: pkg:deb/tuxcare/apache2?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.18-2ubuntu3.17+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1648136327.json"

apache2-bin

Package

Name: apache2-bin
Purl: pkg:deb/tuxcare/apache2-bin?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.18-2ubuntu3.17+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1648136327.json"

apache2-data

Package

Name: apache2-data
Purl: pkg:deb/tuxcare/apache2-data?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.18-2ubuntu3.17+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1648136327.json"

apache2-dev

Package

Name: apache2-dev
Purl: pkg:deb/tuxcare/apache2-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.18-2ubuntu3.17+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1648136327.json"

apache2-doc

Package

Name: apache2-doc
Purl: pkg:deb/tuxcare/apache2-doc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.18-2ubuntu3.17+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1648136327.json"

apache2-suexec-custom

Package

Name: apache2-suexec-custom
Purl: pkg:deb/tuxcare/apache2-suexec-custom?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.18-2ubuntu3.17+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1648136327.json"

apache2-suexec-pristine

Package

Name: apache2-suexec-pristine
Purl: pkg:deb/tuxcare/apache2-suexec-pristine?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.18-2ubuntu3.17+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1648136327.json"

apache2-utils

Package

Name: apache2-utils
Purl: pkg:deb/tuxcare/apache2-utils?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.18-2ubuntu3.17+tuxcare.els4

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1648136327.json"