CLSA-2022-1656430949
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1656430949.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2022-1656430949
- Upstream
- Published
- 2022-06-28T15:42:29Z
- Modified
- 2026-06-04T10:03:43.588296141Z
- Summary
- Fix CVE(s): CVE-2022-28615, CVE-2022-26377, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813
- Details
-
- SECURITY UPDATE: modsed may make excessively large memory allocations
and trigger an abort
- debian/patches/CVE-2022-30522.patch: limit mod
- CVE-2022-30522
- SECURITY UPDATE: HTTP request smuggling in modproxyajp
- debian/patches/CVE-2022-26377.patch: parse request headers in the way so Transfer-Encoding has precedence over Content-Length
- CVE-2022-26377
- SECURITY UPDATE: possible out-of-bounds read in apstrcmpmatch() with an extremely large input buffer
- debian/patches/CVE-2022-28615.patch: use aprsizet (e.g. long) for array indexing
- CVE-2022-28615
- SECURITY UPDATE: mod_lua r:wsread() may return length that points past the end of the storage allocated for the buffer
- debian/patches/CVE-2022-30556.patch: consistently use luawebsocketreadbytes() and check the return value
- CVE-2022-30556
- SECURITY UPDATE: mod_proxy may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism
- debian/patches/CVE-2022-31813.patch: preserve original request headers so an upstream knows what the original request hostname was
- CVE-2022-31813
- SECURITY UPDATE: modsed may make excessively large memory allocations
and trigger an abort
- References