-
apache2 (2.0.50-12ubuntu4.10) warty-security; urgency=low
* SECURITY UPDATE: Remote DoS and Cross-Site Scripting vulnerability.
- Add 050_mod_imap_CVE-2005-3352 to escape untrusted referer headers in
mod_imap before outputting HTML to avoid XSS attacks; see CVE-2005-3352
- Add 051_mod_ssl_CVE-2005-3357 to avoid a remote denial of service in
threaded MPMs when making a non-SSL connection to an SSL-enabled port
on a server with a custom 400 error document defined; see CVE-2005-3357
-- Adam Conrad <email address hidden> Sun, 8 Jan 2006 00:00:08 +1100
-
apache2 (2.0.50-12ubuntu4.9) warty-security; urgency=low
* SECURITY UPDATE: Memory exhaustion denial of service in apache2-mpm-worker
- Apply 048_worker_memleak_CAN-2005-2970 to resolves a memory leak in
the worker MPM that can occur after aborted connections; CAN-2005-2970
-- Adam Conrad <email address hidden> Tue, 6 Dec 2005 02:17:58 +1100
-
apache2 (2.0.50-12ubuntu4) warty; urgency=low
* Security Release. Patch from upstream for the following:
CAN-2004-0885 - SSLCypherSuite can be bypassed during renegotiation.
-- Thom May <email address hidden> Wed, 13 Oct 2004 19:46:10 +0100