Format: 1.8
Date: Sun, 24 Sep 2023 17:09:51 +0200
Source: libapache-mod-jk
Architecture: source
Version: 1:1.2.48-1+deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1051956
Changes:
 libapache-mod-jk (1:1.2.48-1+deb11u1) bullseye; urgency=high
 .
   * Fix CVE-2023-41081:
     The mod_jk component of Apache Tomcat Connectors, an Apache 2 module to
     forward requests from Apache to Tomcat, in some circumstances, such as
     when a configuration included "JkOptions +ForwardDirectories" but the
     configuration did not provide explicit mounts for all possible proxied
     requests, mod_jk would use an implicit mapping and map the request to the
     first defined worker. Such an implicit mapping could result in the
     unintended exposure of the status worker and/or bypass security
     constraints configured in httpd. As of this security update, the implicit
     mapping functionality has been removed and all mappings must now be via
     explicit configuration. This issue affects Apache Tomcat Connectors
     (mod_jk only).
     (Closes: #1051956)
Checksums-Sha1:
 7b98ce89cf68f3675dcd4bc5695fb722e5e1407b 2302 libapache-mod-jk_1.2.48-1+deb11u1.dsc
 0f6a8acd0caaf53a4d57ccce03b42575212a13ae 61032 libapache-mod-jk_1.2.48-1+deb11u1.debian.tar.xz
 21999a24525942d16874136b0a042d0d7577a41d 10578 libapache-mod-jk_1.2.48-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 b721bfbbc000b834b284ec6a7e330debe645842ecb9422eda9fa990709cf1ac7 2302 libapache-mod-jk_1.2.48-1+deb11u1.dsc
 2201ba8a3bb20fa88dfeda7229eaa310ba88dccfb5c140c616040b9c2275dae4 61032 libapache-mod-jk_1.2.48-1+deb11u1.debian.tar.xz
 fff3b9e880aff99ac1b87304d6b03b3ccb34e1354ab12cd63cba93a28cd8c3d4 10578 libapache-mod-jk_1.2.48-1+deb11u1_amd64.buildinfo
Files:
 2ceb462fee30fd419e7d6afd4225dcdc 2302 httpd optional libapache-mod-jk_1.2.48-1+deb11u1.dsc
 362b4e36beff92cbd22cf617fe7ea77a 61032 httpd optional libapache-mod-jk_1.2.48-1+deb11u1.debian.tar.xz
 437874e82a498fcf2945e5cdc16e1d86 10578 httpd optional libapache-mod-jk_1.2.48-1+deb11u1_amd64.buildinfo
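
A configuration audit for the pattern named in the changelog entry above, as an added example that is not part of the upload or of mod_jk. It does a flat scan of httpd configuration text and workers.properties text; the sample inputs are constructed, the finding codes are hypothetical names, and reading "first defined worker" as the first name in `worker.list` is an assumption. Per-VirtualHost scoping and JkMountFile maps are not handled.

```python
import re

# Constructed sample inputs for illustration; not taken from a real host.
HTTPD_CONF = """\
JkWorkersFile conf/workers.properties
JkOptions +ForwardKeySize +ForwardDirectories
JkMount /app/* ajp13_worker
"""
WORKERS = """\
worker.list=jkstatus,ajp13_worker
worker.jkstatus.type=status
worker.ajp13_worker.type=ajp13
"""

def parse_workers(text):
    """Return (names in worker.list order, {name: type}) from workers.properties text."""
    names, types = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "worker.list":
            names += [n.strip() for n in value.split(",") if n.strip()]
        elif re.fullmatch(r"worker\.[^.]+\.type", key):
            types[key.split(".")[1]] = value
    return names, types

def audit(httpd_conf, workers_props):
    """Return finding codes for the configuration pattern named in CVE-2023-41081."""
    forward, mounts = False, []
    for raw in httpd_conf.splitlines():
        tokens = raw.strip().split()
        if not tokens or tokens[0].startswith("#"):
            continue
        directive = tokens[0].lower()
        if directive == "jkoptions":
            for opt in tokens[1:]:  # a later -ForwardDirectories switches it off again
                if opt.lstrip("+-").lower() == "forwarddirectories":
                    forward = not opt.startswith("-")
        elif directive == "jkmount" and len(tokens) == 3:
            mounts.append(tokens[1])  # explicit URI pattern -> worker mapping
    if not forward:
        return []
    findings = ["forward-directories-enabled"]
    names, types = parse_workers(workers_props)
    # Assumption: "first defined worker" is the first name in worker.list.
    if names and types.get(names[0]) == "status":
        findings.append("status-worker-is-first")
    if not mounts:
        findings.append("no-explicit-jkmount")
    return findings
```

A host that reports `forward-directories-enabled` should have its JkMount coverage reviewed before the update is installed, since requests that previously relied on the implicit mapping are no longer forwarded.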