Ubuntu

“apache2” 2.2.8-1ubuntu0.25 source package in Ubuntu

Changelog

apache2 (2.2.8-1ubuntu0.25) hardy-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/patches/CVE-2013-1048.dpatch: introduce and use a safer
      mkdir_chown() function in support/apachectl.in.
    - CVE-2013-1048
 -- Marc Deslauriers <email address hidden>   Fri, 08 Mar 2013 11:17:51 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2013-03-08
Uploaded to:
Hardy
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
any
Section:
web
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Hardy updates on 2013-03-18 main web
Hardy security on 2013-03-18 main web

Downloads

File Size MD5 Checksum
apache2_2.2.8.orig.tar.gz 5.8 MiB 39a755eb0f584c279336387b321e3dfc
apache2_2.2.8-1ubuntu0.25.diff.gz 161.0 KiB 79c56df8cf342390008b126509cc4eea
apache2_2.2.8-1ubuntu0.25.dsc 2.0 KiB 1055afc1a01560718fd4434081d4b2eb

Binary packages built by this source

apache2: Next generation, scalable, extendable web server

 Apache v2 is the next generation of the omnipresent Apache web server. This
 version - a total rewrite - introduces many new improvements, such as
 threading, a new API, IPv6 support, request/response filtering, and more.

apache2-doc: documentation for apache2

 This is the documentation for apache2, see the apache2 package description
  for more details.

apache2-mpm-event: Event driven model for Apache HTTPD

 The event Multi-Processing Module (MPM) is designed to allow more
 requests to be served simultaneously by passing off some processing
 work to supporting threads, freeing up the main threads to work on
 new requests.
 .
 This MPM is especially suitable for sites that see extensive KeepAlive traffic

apache2-mpm-perchild: Transitional package - please remove

 This is a transitional package to upgrade apache2-mpm-perchild to
 apache2-mpm-worker.

apache2-mpm-prefork: Traditional model for Apache HTTPD

 This Multi-Processing Module (MPM) implements a non-threaded,
 pre-forking web server that handles requests in a manner similar to
 Apache 1.3. It is appropriate for sites that need to avoid threading for
 compatibility with non-thread-safe libraries. It is also the best MPM
 for isolating each request, so that a problem with a single request will
 not affect any other.
 .
 It is not as fast, but is considered to be more stable.

apache2-mpm-worker: High speed threaded model for Apache HTTPD

 The worker MPM provides a threaded implementation for Apache HTTPD. It is
 considerably faster than the traditional model, and is the recommended MPM.
 .
 Worker generally is a good choice for high-traffic servers because it
 has a smaller memory footprint than the prefork MPM.

apache2-prefork-dev: development headers for apache2

 This package provides the development headers and apxs2 binary for
 apache2-mpm-prefork; see the apache2 package description for more details.
 .
 This should only be used when you absolutely *have* to have a non-threaded
 environment, ie for PHP4.

apache2-src: Apache source code

 This package includes the complete and patched source code for the
 Apache HTTPD. It is useful for other packages to build-depend on in
 order to build custom MPMs.

apache2-threaded-dev: development headers for apache2

 This package provides the development headers and apxs2 binary for
 threaded versions of apache2; see the apache2 package description
 for more details.

apache2-utils: utility programs for webservers

 Provides some add-on programs useful for any webserver. These include:
  - ab (Apache benchmark tool)
  - logresolve (Resolve IP addresses to hostname in logfiles)
  - htpasswd (Manipulate basic authentication files)
  - htdigest (Manipulate digest authentication files)
  - dbmmanage (Manipulate basic authentication files in DBM format, using perl)
  - htdbm (Manipulate basic authentication files in DBM format, using APR)
  - rotatelogs (Periodically stop writing to a logfile and open a new one)
  - split-logfile (Split a single log including multiple vhosts)
  - checkgid (Checks whether the caller can setgid to the specified group)
  - check_forensic (Extract mod_log_forensic output from apache log files)

apache2.2-common: Next generation, scalable, extendable web server

 Apache v2 is the next generation of the omnipresent Apache web server. This
 version - a total rewrite - introduces many new improvements, such as
 threading, a new API, IPv6 support, request/response filtering, and more.
 .
 It is also considerably faster, and can be easily extended to provide services
 other than http.
 .
 This package contains all the standard apache2 modules, including SSL support.
 However, it does *not* include the server itself; for this you need to
 install one of the apache2-mpm-* packages; such as worker or prefork.