apache2 2.2.22-13+deb7u3 source package in Debian


apache2 (2.2.22-13+deb7u3) wheezy-security; urgency=high

  * CVE-2014-0226: Fix a race condition in scoreboard handling,
    which could lead to a heap buffer overflow.
  * CVE-2014-0231: mod_cgid: Fix a denial of service against CGI scripts
    that do not consume stdin that could lead to lingering HTTPD child
    processes filling up the scoreboard and eventually hanging the server.
    By default, the client I/O timeout (Timeout directive) now applies to
    communication with scripts.  The CGIDScriptTimeout directive can be
    used to set a different timeout for communication with scripts.
  * CVE-2014-0118: mod_deflate: The DEFLATE input filter (inflates request
    bodies) now limits the length and compression ratio of inflated request
    bodies to avoid denial of service via highly compressed bodies.
    By default, LimitRequestBody is applied after decompression. Fine-tuning
    is possible with the new directives DeflateInflateLimitRequestBody,
    DeflateInflateRatioLimit, and DeflateInflateRatioBurst.

 -- Stefan Fritsch <email address hidden>  Wed, 23 Jul 2014 23:53:24 +0200

Upload details

Uploaded by:
Debian Apache Maintainers on 2014-10-18
Uploaded to:
Original maintainer:
Debian Apache Maintainers
any all
Very Urgent


File Size SHA-256 Checksum
apache2_2.2.22-13+deb7u3.dsc 2.8 KiB f720ea82bb7b6d448f5f9346817f435eaa4cf91ca9c7091ed2630db455fcb4a0
apache2_2.2.22.orig.tar.gz 6.9 MiB 74c1ffffefe1a502339b004ad6488fbd858eb425a05968cd67c05695dbc0fe7c
apache2_2.2.22-13+deb7u3.debian.tar.gz 208.5 KiB 3b6bcc34ae33fd94f08be0d7a5d1d59a2a31b8a6bc7147ece7dcdb8314b78ef8

No changes file available.

Binary packages built by this source