Publishing details

Removed from disk on 2019-04-05.
Removal requested on 2019-04-05.
Superseded on 2019-04-04 by apache2 - 2.4.18-2ubuntu3.10
Published on 2018-04-19
Copied from ubuntu xenial in PPA for Ubuntu Security Proposed by Marc Deslauriers

Changelog

apache2 (2.4.18-2ubuntu3.8) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
    - debian/patches/CVE-2017-15710.patch: fix language long names
      detection as short name in modules/aaa/mod_authnz_ldap.c.
    - CVE-2017-15710
  * SECURITY UPDATE: incorrect <FilesMatch> matching
    - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to
      include/httpd.h, server/util.c.
    - debian/patches/CVE-2017-15715.patch: allow to configure
      global/default options for regexes, like caseless matching or
      extended format in include/ap_regex.h, server/core.c,
      server/util_pcre.c.
    - CVE-2017-15715
  * SECURITY UPDATE: mod_session header manipulation
    - debian/patches/CVE-2018-1283.patch: strip Session header when
      SessionEnv is on in modules/session/mod_session.c.
    - CVE-2018-1283
  * SECURITY UPDATE: DoS via specially-crafted request
    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
      terminated on any error, not only on buffer full in
      server/protocol.c.
    - CVE-2018-1301
  * SECURITY UPDATE: mod_cache_socache DoS
    - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
      to carriage return in modules/cache/mod_cache_socache.c.
    - CVE-2018-1303
  * SECURITY UPDATE: insecure nonce generation
    - debian/patches/CVE-2018-1312.patch: actually use the secret when
      generating nonces in modules/aaa/mod_auth_digest.c.
    - CVE-2018-1312

 -- Marc Deslauriers <email address hidden>  Wed, 18 Apr 2018 10:53:04 -0400

Available diffs

diff from 2.4.18-2ubuntu3.7 (in Ubuntu) to 2.4.18-2ubuntu3.8 (12.2 KiB)
diff from 2.4.18-2ubuntu3.5 to 2.4.18-2ubuntu3.8 (13.1 KiB)

Builds

Package files

apache2-bin-dbgsym_2.4.18-2ubuntu3.8_amd64.ddeb (992 bytes)
apache2-bin-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb (992 bytes)
apache2-bin-dbgsym_2.4.18-2ubuntu3.8_armhf.ddeb (992 bytes)
apache2-bin-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb (992 bytes)
apache2-bin-dbgsym_2.4.18-2ubuntu3.8_powerpc.ddeb (994 bytes)
apache2-bin-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb (992 bytes)
apache2-bin-dbgsym_2.4.18-2ubuntu3.8_s390x.ddeb (992 bytes)
apache2-bin_2.4.18-2ubuntu3.8_amd64.deb (904.3 KiB)
apache2-bin_2.4.18-2ubuntu3.8_arm64.deb (753.2 KiB)
apache2-bin_2.4.18-2ubuntu3.8_armhf.deb (801.5 KiB)
apache2-bin_2.4.18-2ubuntu3.8_i386.deb (964.7 KiB)
apache2-bin_2.4.18-2ubuntu3.8_powerpc.deb (792.1 KiB)
apache2-bin_2.4.18-2ubuntu3.8_ppc64el.deb (861.5 KiB)
apache2-bin_2.4.18-2ubuntu3.8_s390x.deb (846.5 KiB)
apache2-data_2.4.18-2ubuntu3.8_all.deb (158.1 KiB)
apache2-dbg_2.4.18-2ubuntu3.8_amd64.deb (1.9 MiB)
apache2-dbg_2.4.18-2ubuntu3.8_arm64.deb (2.0 MiB)
apache2-dbg_2.4.18-2ubuntu3.8_armhf.deb (1.9 MiB)
apache2-dbg_2.4.18-2ubuntu3.8_i386.deb (1.7 MiB)
apache2-dbg_2.4.18-2ubuntu3.8_powerpc.deb (1.9 MiB)
apache2-dbg_2.4.18-2ubuntu3.8_ppc64el.deb (2.1 MiB)
apache2-dbg_2.4.18-2ubuntu3.8_s390x.deb (1.8 MiB)
apache2-dbgsym_2.4.18-2ubuntu3.8_amd64.ddeb (972 bytes)
apache2-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb (974 bytes)
apache2-dbgsym_2.4.18-2ubuntu3.8_armhf.ddeb (972 bytes)
apache2-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb (970 bytes)
apache2-dbgsym_2.4.18-2ubuntu3.8_powerpc.ddeb (974 bytes)
apache2-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb (976 bytes)
apache2-dbgsym_2.4.18-2ubuntu3.8_s390x.ddeb (976 bytes)
apache2-dev-dbgsym_2.4.18-2ubuntu3.8_amd64.ddeb (1.1 KiB)
apache2-dev-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb (1.1 KiB)
apache2-dev-dbgsym_2.4.18-2ubuntu3.8_armhf.ddeb (1.1 KiB)
apache2-dev-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb (1.1 KiB)
apache2-dev-dbgsym_2.4.18-2ubuntu3.8_powerpc.ddeb (1.1 KiB)
apache2-dev-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb (1.1 KiB)
apache2-dev-dbgsym_2.4.18-2ubuntu3.8_s390x.ddeb (1.1 KiB)
apache2-dev_2.4.18-2ubuntu3.8_amd64.deb (169.2 KiB)
apache2-dev_2.4.18-2ubuntu3.8_arm64.deb (169.0 KiB)
apache2-dev_2.4.18-2ubuntu3.8_armhf.deb (169.1 KiB)
apache2-dev_2.4.18-2ubuntu3.8_i386.deb (169.1 KiB)
apache2-dev_2.4.18-2ubuntu3.8_powerpc.deb (169.1 KiB)
apache2-dev_2.4.18-2ubuntu3.8_ppc64el.deb (169.1 KiB)
apache2-dev_2.4.18-2ubuntu3.8_s390x.deb (169.4 KiB)
apache2-doc_2.4.18-2ubuntu3.8_all.deb (2.6 MiB)
apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_amd64.ddeb (978 bytes)
apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb (976 bytes)
apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_armhf.ddeb (978 bytes)
apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb (976 bytes)
apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_powerpc.ddeb (980 bytes)
apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb (978 bytes)
apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_s390x.ddeb (980 bytes)
apache2-suexec-custom_2.4.18-2ubuntu3.8_amd64.deb (14.7 KiB)
apache2-suexec-custom_2.4.18-2ubuntu3.8_arm64.deb (14.6 KiB)
apache2-suexec-custom_2.4.18-2ubuntu3.8_armhf.deb (14.3 KiB)
apache2-suexec-custom_2.4.18-2ubuntu3.8_i386.deb (14.7 KiB)
apache2-suexec-custom_2.4.18-2ubuntu3.8_powerpc.deb (14.6 KiB)
apache2-suexec-custom_2.4.18-2ubuntu3.8_ppc64el.deb (14.8 KiB)
apache2-suexec-custom_2.4.18-2ubuntu3.8_s390x.deb (14.8 KiB)
apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_amd64.ddeb (922 bytes)
apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb (922 bytes)
apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_armhf.ddeb (924 bytes)
apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb (920 bytes)
apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_powerpc.ddeb (922 bytes)
apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb (920 bytes)
apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_s390x.ddeb (922 bytes)
apache2-suexec-pristine_2.4.18-2ubuntu3.8_amd64.deb (13.3 KiB)
apache2-suexec-pristine_2.4.18-2ubuntu3.8_arm64.deb (13.1 KiB)
apache2-suexec-pristine_2.4.18-2ubuntu3.8_armhf.deb (12.9 KiB)
apache2-suexec-pristine_2.4.18-2ubuntu3.8_i386.deb (13.3 KiB)
apache2-suexec-pristine_2.4.18-2ubuntu3.8_powerpc.deb (13.1 KiB)
apache2-suexec-pristine_2.4.18-2ubuntu3.8_ppc64el.deb (13.3 KiB)
apache2-suexec-pristine_2.4.18-2ubuntu3.8_s390x.deb (13.2 KiB)
apache2-utils-dbgsym_2.4.18-2ubuntu3.8_amd64.ddeb (1.2 KiB)
apache2-utils-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb (1.2 KiB)
apache2-utils-dbgsym_2.4.18-2ubuntu3.8_armhf.ddeb (1.2 KiB)
apache2-utils-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb (1.2 KiB)
apache2-utils-dbgsym_2.4.18-2ubuntu3.8_powerpc.ddeb (1.2 KiB)
apache2-utils-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb (1.2 KiB)
apache2-utils-dbgsym_2.4.18-2ubuntu3.8_s390x.ddeb (1.2 KiB)
apache2-utils_2.4.18-2ubuntu3.8_amd64.deb (80.1 KiB)
apache2-utils_2.4.18-2ubuntu3.8_arm64.deb (76.5 KiB)
apache2-utils_2.4.18-2ubuntu3.8_armhf.deb (82.1 KiB)
apache2-utils_2.4.18-2ubuntu3.8_i386.deb (84.8 KiB)
apache2-utils_2.4.18-2ubuntu3.8_powerpc.deb (81.9 KiB)
apache2-utils_2.4.18-2ubuntu3.8_ppc64el.deb (79.5 KiB)
apache2-utils_2.4.18-2ubuntu3.8_s390x.deb (79.9 KiB)
apache2_2.4.18-2ubuntu3.8.debian.tar.xz (387.6 KiB)
apache2_2.4.18-2ubuntu3.8.dsc (2.7 KiB)
apache2_2.4.18-2ubuntu3.8_amd64.deb (84.8 KiB)
apache2_2.4.18-2ubuntu3.8_arm64.deb (84.6 KiB)
apache2_2.4.18-2ubuntu3.8_armhf.deb (84.6 KiB)
apache2_2.4.18-2ubuntu3.8_i386.deb (84.8 KiB)
apache2_2.4.18-2ubuntu3.8_powerpc.deb (84.8 KiB)
apache2_2.4.18-2ubuntu3.8_ppc64el.deb (84.5 KiB)
apache2_2.4.18-2ubuntu3.8_s390x.deb (84.6 KiB)
apache2_2.4.18.orig.tar.bz2 (4.9 MiB)