apache2 2.4.27-2ubuntu4.1 source package in Ubuntu
Changelog
apache2 (2.4.27-2ubuntu4.1) artful-security; urgency=medium
* SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
- debian/patches/CVE-2017-15710.patch: fix language long names
detection as short name in modules/aaa/mod_authnz_ldap.c.
- CVE-2017-15710
* SECURITY UPDATE: incorrect <FilesMatch> matching
- debian/patches/CVE-2017-15715.patch: allow to configure
global/default options for regexes, like caseless matching or
extended format in include/ap_regex.h, server/core.c,
server/util_pcre.c.
- CVE-2017-15715
* SECURITY UPDATE: mod_session header manipulation
- debian/patches/CVE-2018-1283.patch: strip Session header when
SessionEnv is on in modules/session/mod_session.c.
- CVE-2018-1283
* SECURITY UPDATE: DoS via specially-crafted request
- debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
terminated on any error, not only on buffer full in
server/protocol.c.
- CVE-2018-1301
* SECURITY UPDATE: mod_cache_socache DoS
- debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
to carriage return in modules/cache/mod_cache_socache.c.
- CVE-2018-1303
* SECURITY UPDATE: insecure nonce generation
- debian/patches/CVE-2018-1312.patch: actually use the secret when
generating nonces in modules/aaa/mod_auth_digest.c.
- CVE-2018-1312
-- Marc Deslauriers <email address hidden> Wed, 18 Apr 2018 10:20:05 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Artful
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- httpd
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache2_2.4.27.orig.tar.bz2 | 6.2 MiB | 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a |
| apache2_2.4.27-2ubuntu4.1.debian.tar.xz | 699.3 KiB | e0d1bf643ca528e8477d1ebaef959974c6f0a32f4a048bade9284d9557e038ad |
| apache2_2.4.27-2ubuntu4.1.dsc | 3.0 KiB | 3b8c06f3d60b03604b74f5c58a0cf0b03ba682fc8e3b6d1c7651886cc50d9818 |
Available diffs
Binary packages built by this source
- apache2: No summary available for apache2 in ubuntu artful.
No description available for apache2 in ubuntu artful.
- apache2-bin: No summary available for apache2-bin in ubuntu artful.
No description available for apache2-bin in ubuntu artful.
- apache2-data: No summary available for apache2-data in ubuntu artful.
No description available for apache2-data in ubuntu artful.
- apache2-dbg: No summary available for apache2-dbg in ubuntu artful.
No description available for apache2-dbg in ubuntu artful.
- apache2-dev: No summary available for apache2-dev in ubuntu artful.
No description available for apache2-dev in ubuntu artful.
- apache2-doc: No summary available for apache2-doc in ubuntu artful.
No description available for apache2-doc in ubuntu artful.
- apache2-ssl-dev: No summary available for apache2-ssl-dev in ubuntu artful.
No description available for apache2-ssl-dev in ubuntu artful.
- apache2-suexec-custom: No summary available for apache2-suexec-custom in ubuntu artful.
No description available for apache2-
suexec- custom in ubuntu artful.
- apache2-suexec-pristine: No summary available for apache2-suexec-pristine in ubuntu artful.
No description available for apache2-
suexec- pristine in ubuntu artful.
- apache2-utils: No summary available for apache2-utils in ubuntu artful.
No description available for apache2-utils in ubuntu artful.
