apache2 2.4.25-1 source package in Debian


apache2 (2.4.25-1) unstable; urgency=medium

  [ New upstream release ]
  * Security: CVE-2016-0736:
    mod_session_crypto: Authenticate the session data/cookie with a MAC to
    prevent deciphering or tampering with a padding oracle attack.
  * Security: CVE-2016-2161:
    mod_auth_digest: Prevent segfaults during client entry allocation when the
    shared memory space is exhausted.
  * Security: CVE-2016-5387:
    Mitigate [f]cgi "httpoxy" issues.
  * Security: CVE-2016-8740:
    mod_http2: Mitigate DoS memory exhaustion via endless CONTINUATION frames.
    Closes: #847124
  * Security: CVE-2016-8743:
    Enforce HTTP request grammar corresponding to RFC7230 for request lines
    and request headers, to prevent response splitting and cache pollution by
    malicious clients or downstream proxies.
  * The stricter HTTP enforcement may cause compatibility problems with
    non-conforming clients. Fine-tuning is possible with the new
    HttpProtocolOptions directive.
  * mpm_event: Fix "scoreboard full" errors. Closes: #834708 LP: #1466926
  * mod_http2: Many fixes and support for early pushes using the new
    H2PushResource directive.

  [ Stefan Fritsch ]
  * Switch to debhelper compatibility level 9.

 -- Stefan Fritsch <email address hidden>  Wed, 21 Dec 2016 23:46:06 +0100

Upload details

Uploaded by: Debian Apache Maintainers on 2016-12-22
Uploaded to:
Original maintainer: Debian Apache Maintainers
Architectures: any all
Urgency: Medium


File Size SHA-256 Checksum
apache2_2.4.25-1.dsc 2.8 KiB 60d20309067f066e206939858a792721218367cbfc020bbef18c2f80edc07854
apache2_2.4.25.orig.tar.bz2 6.1 MiB f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2
apache2_2.4.25-1.debian.tar.xz 344.7 KiB 53f8e5ad9bc8764abcd80a671df9bd5fc3fcad150c57c6a176ca48ba5e7c58d7

No changes file available.
