ELA-491-1 apache2 security update

multiple vulnerabilities

2021-10-02
Packageapache2
Version2.4.10-10+deb8u19
Related CVEs CVE-2021-34798 CVE-2021-39275 CVE-2021-40438

Several vulnerabilities were discovered in the Apache HTTP server. An attacker could send proxied requests to arbitrary servers, corrupt memory in some setups involving third-party modules, and cause the server to crash.

For Debian 8 jessie, these problems have been fixed in version 2.4.10-10+deb8u19.

We recommend that you upgrade your apache2 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/