ELA-769-1 libapreq2 security update

Version2.13-7~deb9u2 (stretch)
Related CVEs CVE-2022-22728

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

For Debian 9 stretch, these problems have been fixed in version 2.13-7~deb9u2.

We recommend that you upgrade your libapreq2 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.