“apache2” 2.2.8-1ubuntu0.4 source package in Ubuntu

Changelog

apache2 (2.2.8-1ubuntu0.4) hardy-security; urgency=low

  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/200_security_CVE-2007-6420.dpatch: generate and validate a
      nonce in modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/201_security_CVE-2008-2364.dpatch: updated patch to newer
      version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/202_security_CVE-2008-2939.dpatch: escape the html
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

 -- Marc Deslauriers <email address hidden>   Thu, 05 Mar 2009 17:20:17 -0500

Upload details

Uploaded by: Marc Deslauriers on 2009-03-05
Uploaded to: Hardy
Original maintainer: Ubuntu Development Team
Component: main
Architectures: any
Section: web
Urgency: Low Urgency

Downloads

File Size MD5 Checksum
apache2_2.2.8.orig.tar.gz 5.8 MiB 39a755eb0f584c279336387b321e3dfc
apache2_2.2.8-1ubuntu0.4.diff.gz 129.3 KiB 1a3c4e93f08a23c3a3323cb02f5963b6
apache2_2.2.8-1ubuntu0.4.dsc 1.3 KiB ed1a1e5de71b0e35100f60b21f959db4

Binary packages built by this source

apache2: Next generation, scalable, extendable web server

 Apache v2 is the next generation of the omnipresent Apache web server. This
 version - a total rewrite - introduces many new improvements, such as
 threading, a new API, IPv6 support, request/response filtering, and more.

apache2-doc: documentation for apache2

 This is the documentation for apache2; see the apache2 package description
 for more details.

apache2-mpm-event: Event driven model for Apache HTTPD

 The event Multi-Processing Module (MPM) is designed to allow more
 requests to be served simultaneously by passing off some processing
 work to supporting threads, freeing up the main threads to work on
 new requests.
 .
 This MPM is especially suitable for sites that see extensive KeepAlive traffic.

apache2-mpm-perchild: Transitional package - please remove

 This is a transitional package to upgrade apache2-mpm-perchild to
 apache2-mpm-worker.

apache2-mpm-prefork: Traditional model for Apache HTTPD

 This Multi-Processing Module (MPM) implements a non-threaded,
 pre-forking web server that handles requests in a manner similar to
 Apache 1.3. It is appropriate for sites that need to avoid threading for
 compatibility with non-thread-safe libraries. It is also the best MPM
 for isolating each request, so that a problem with a single request will
 not affect any other.
 .
 It is not as fast, but is considered to be more stable.

apache2-mpm-worker: High speed threaded model for Apache HTTPD

 The worker MPM provides a threaded implementation for Apache HTTPD. It is
 considerably faster than the traditional model, and is the recommended MPM.
 .
 Worker generally is a good choice for high-traffic servers because it
 has a smaller memory footprint than the prefork MPM.

apache2-prefork-dev: development headers for apache2

 This package provides the development headers and apxs2 binary for
 apache2-mpm-prefork; see the apache2 package description for more details.
 .
 This should only be used when you absolutely *have* to have a non-threaded
 environment, i.e. for PHP4.

apache2-src: Apache source code

 This package includes the complete and patched source code for the
 Apache HTTPD. It is useful for other packages to build-depend on in
 order to build custom MPMs.

apache2-threaded-dev: development headers for apache2

 This package provides the development headers and apxs2 binary for
 threaded versions of apache2; see the apache2 package description
 for more details.

apache2-utils: utility programs for webservers

 Provides some add-on programs useful for any webserver. These include:
  - ab (Apache benchmark tool)
  - logresolve (Resolve IP addresses to hostname in logfiles)
  - htpasswd (Manipulate basic authentication files)
  - htdigest (Manipulate digest authentication files)
  - dbmmanage (Manipulate basic authentication files in DBM format, using perl)
  - htdbm (Manipulate basic authentication files in DBM format, using APR)
  - rotatelogs (Periodically stop writing to a logfile and open a new one)
  - split-logfile (Split a single log including multiple vhosts)
  - checkgid (Checks whether the caller can setgid to the specified group)
  - check_forensic (Extract mod_log_forensic output from apache log files)

apache2.2-common: Next generation, scalable, extendable web server

 Apache v2 is the next generation of the omnipresent Apache web server. This
 version - a total rewrite - introduces many new improvements, such as
 threading, a new API, IPv6 support, request/response filtering, and more.
 .
 It is also considerably faster, and can be easily extended to provide services
 other than http.
 .
 This package contains all the standard apache2 modules, including SSL support.
 However, it does *not* include the server itself; for this you need to
 install one of the apache2-mpm-* packages; such as worker or prefork.