apache2 2.4.27-2ubuntu4.1 source package in Ubuntu

Changelog

apache2 (2.4.27-2ubuntu4.1) artful-security; urgency=medium

  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
    - debian/patches/CVE-2017-15710.patch: fix language long names
      detection as short name in modules/aaa/mod_authnz_ldap.c.
    - CVE-2017-15710
  * SECURITY UPDATE: incorrect <FilesMatch> matching
    - debian/patches/CVE-2017-15715.patch: allow to configure
      global/default options for regexes, like caseless matching or
      extended format in include/ap_regex.h, server/core.c,
      server/util_pcre.c.
    - CVE-2017-15715
  * SECURITY UPDATE: mod_session header manipulation
    - debian/patches/CVE-2018-1283.patch: strip Session header when
      SessionEnv is on in modules/session/mod_session.c.
    - CVE-2018-1283
  * SECURITY UPDATE: DoS via specially-crafted request
    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
      terminated on any error, not only on buffer full in
      server/protocol.c.
    - CVE-2018-1301
  * SECURITY UPDATE: mod_cache_socache DoS
    - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
      to carriage return in modules/cache/mod_cache_socache.c.
    - CVE-2018-1303
  * SECURITY UPDATE: insecure nonce generation
    - debian/patches/CVE-2018-1312.patch: actually use the secret when
      generating nonces in modules/aaa/mod_auth_digest.c.
    - CVE-2018-1312

 -- Marc Deslauriers <email address hidden>  Wed, 18 Apr 2018 10:20:05 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2018-04-18
Uploaded to:
Artful
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
httpd
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
apache2_2.4.27.orig.tar.bz2 6.2 MiB 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a
apache2_2.4.27-2ubuntu4.1.debian.tar.xz 699.3 KiB e0d1bf643ca528e8477d1ebaef959974c6f0a32f4a048bade9284d9557e038ad
apache2_2.4.27-2ubuntu4.1.dsc 3.0 KiB 3b8c06f3d60b03604b74f5c58a0cf0b03ba682fc8e3b6d1c7651886cc50d9818

View changes file

Binary packages built by this source

apache2: No summary available for apache2 in ubuntu artful.

No description available for apache2 in ubuntu artful.

apache2-bin: No summary available for apache2-bin in ubuntu artful.

No description available for apache2-bin in ubuntu artful.

apache2-data: No summary available for apache2-data in ubuntu artful.

No description available for apache2-data in ubuntu artful.

apache2-dbg: No summary available for apache2-dbg in ubuntu artful.

No description available for apache2-dbg in ubuntu artful.

apache2-dev: No summary available for apache2-dev in ubuntu artful.

No description available for apache2-dev in ubuntu artful.

apache2-doc: No summary available for apache2-doc in ubuntu artful.

No description available for apache2-doc in ubuntu artful.

apache2-ssl-dev: No summary available for apache2-ssl-dev in ubuntu artful.

No description available for apache2-ssl-dev in ubuntu artful.

apache2-suexec-custom: No summary available for apache2-suexec-custom in ubuntu artful.

No description available for apache2-suexec-custom in ubuntu artful.

apache2-suexec-pristine: No summary available for apache2-suexec-pristine in ubuntu artful.

No description available for apache2-suexec-pristine in ubuntu artful.

apache2-utils: No summary available for apache2-utils in ubuntu artful.

No description available for apache2-utils in ubuntu artful.