[Bug 2117112] Re: 421 Misdirected Request: apache2 regression

Mon, 19 Jan 2026 06:51:57 -0800 

This bug was fixed in the package apache2 - 2.4.64-1ubuntu3.2

---------------
apache2 (2.4.64-1ubuntu3.2) questing-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in the case of failed ACME
    certificate renewal
    - debian/patches/CVE-2025-55753-1.patch: update mod_md to version
      2.6.2 in modules/md/*
    - debian/patches/CVE-2025-55753-2.patch: update mod_md to version
      2.6.6 in modules/md/*
    - CVE-2025-55753
  * SECURITY UPDATE: Server Side Includes adds query string to #exec cmd=
    - debian/patches/CVE-2025-58098.patch: don't pass args for SSI request
      in modules/generators/mod_cgid.c.
    - CVE-2025-58098
  * SECURITY UPDATE: CGI environment variable override
    - debian/patches/CVE-2025-65082.patch: envvars from HTTP headers low
      precedence in server/util_script.c.
    - CVE-2025-65082
  * SECURITY UPDATE: mod_userdir+suexec bypass via AllowOverride FileInfo
    - debian/patches/CVE-2025-66200.patch: don't use request notes for
      suexec in modules/mappers/mod_userdir.c,
      modules/metadata/mod_headers.c.
    - CVE-2025-66200
  * SECURITY REGRESSION: Misdirected Request error (LP: #2117112)
    - debian/patches/CVE-2025-23048-regression.patch: add SSLVHostSNIPolicy
      directive to set the compatibility level required for VirtualHost
      matching in modules/ssl/*.
    - debian/patches/CVE-2025-23048-regression-2.patch: fix handling of
      STRICT mode in modules/ssl/ssl_engine_kernel.c.

 -- Marc Deslauriers <[email protected]>  Tue, 09 Dec 2025
10:50:28 -0500

** Changed in: apache2 (Ubuntu)
       Status: Confirmed => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2025-55753

** CVE added: https://cve.org/CVERecord?id=CVE-2025-58098

** CVE added: https://cve.org/CVERecord?id=CVE-2025-65082

** CVE added: https://cve.org/CVERecord?id=CVE-2025-66200

** Changed in: apache2 (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2117112

Title:
  421 Misdirected Request: apache2 regression

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/2117112/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to