libapache-mod-jk 1:1.2.48-1+deb11u1 source package in Debian

Changelog

libapache-mod-jk (1:1.2.48-1+deb11u1) bullseye; urgency=high

  * Fix CVE-2023-41081:
    The mod_jk component of Apache Tomcat Connectors, an Apache 2 module to
    forward requests from Apache to Tomcat, in some circumstances, such as when
    a configuration included "JkOptions +ForwardDirectories" but the
    configuration did not provide explicit mounts for all possible proxied
    requests, mod_jk would use an implicit mapping and map the request to the
    first defined worker. Such an implicit mapping could result in the
    unintended exposure of the status worker and/or bypass security constraints
    configured in httpd. As of this security update, the implicit mapping
    functionality has been removed and all mappings must now be via explicit
    configuration. This issue affects Apache Tomcat Connectors (mod_jk only).
    (Closes: #1051956)

 -- Markus Koschany <email address hidden>  Sun, 24 Sep 2023 17:09:51 +0200

Upload details

Uploaded by: Debian Java Maintainers
Uploaded to: Bullseye
Original maintainer: Debian Java Maintainers
Architectures: any all
Section: httpd
Urgency: Very Urgent

Publishing

Series Pocket Published Component Section
Bullseye release main httpd

Downloads

File                                             Size      SHA-256 Checksum
libapache-mod-jk_1.2.48-1+deb11u1.dsc            2.2 KiB   b721bfbbc000b834b284ec6a7e330debe645842ecb9422eda9fa990709cf1ac7
libapache-mod-jk_1.2.48.orig.tar.gz              3.5 MiB   cb1b360ba0a12b2dbec119b60f561e9f657ed75df8188e5d902534b56b908e97
libapache-mod-jk_1.2.48-1+deb11u1.debian.tar.xz  59.6 KiB  2201ba8a3bb20fa88dfeda7229eaa310ba88dccfb5c140c616040b9c2275dae4

No changes file available.

Binary packages built by this source