← Back to team overview

enterprise-support team mailing list archive

  1. enterprise-support team
  2. Mailing list archive
  3. Message #08521

[Bug 1945311] [NEW] Fix for CVE-2021-40438 breaks existing configs

  Thread PreviousDate PreviousThread Next 
Public bug reported:

The patches introduced for CVE-2021-40438 break existing configs.

For example on Plesk:
https://support.plesk.com/hc/en-us/articles/4407366133906-Website-suddenly-started-to-show-500-error-AH10292-Invalid-proxy-UDS-filename

Upstream pushed some additional fixes for it:
https://github.com/apache/httpd/commit/6d476a66956a6a81ac8e1f7f419ef0697b9a0b76
https://github.com/apache/httpd/commit/6d76cbb9100bf34250ffba0bded08e075380be88

In Debian I guess they will be included also according to
https://salsa.debian.org/apache-
team/apache2/-/commit/e36582e866cd7e87600235ff9fcd47b960899e24

So I think it might be good to include those 2 into Ubuntu as well.

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1945311

Title:
  Fix for CVE-2021-40438 breaks existing configs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945311/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next