USN-5839-1 fixed a vulnerability in Apache. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server
mod_proxy module incorrectly truncated certain response headers. This may
result in later headers not being interpreted by the client.
(CVE-2022-37436)
USN-5837-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Nick Pope discovered that Django incorrectly handled certain
Accept-Language headers. A remote attacker could possibly use this issue to
cause Django to consume memory, leading to a denial of service.
It was discovered that AdvanceCOMP did not properly manage memory while
performing read operations on MNG file. If a user were tricked into opening
a specially crafted MNG file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2022-35014, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019,
CVE-2022-35020)
It was discovered that AdvanceCOMP did not properly manage memory while
performing read operations on ZIP file. If a user were tricked into opening
a specially crafted ZIP file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2022-35015, CVE-2022-35016)
It was discovered that the Apache HTTP Server mod_dav module incorrectly
handled certain If: request headers. A remote attacker could possibly use
this issue to cause the server to crash, resulting in a denial of service.
(CVE-2006-20001)
ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module
incorrectly interpreted certain HTTP Requests. A remote attacker could
possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-36760)
Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server
mod_proxy module incorrectly truncated certain response headers. This may
result in later headers not being interpreted by the client.
(CVE-2022-37436)
Nick Pope discovered that Django incorrectly handled certain
Accept-Language headers. A remote attacker could possibly use this issue to
cause Django to consume memory, leading to a denial of service.