Format: 1.8 Date: Fri, 05 May 2017 10:51:32 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: powerpc Version: 2.4.18-2ubuntu4.1 Distribution: yakkety Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.18-2ubuntu4.1) yakkety-security; urgency=medium . * SECURITY UPDATE: mod_sessioncrypto padding oracle attack issue - debian/patches/CVE-2016-0736.patch: authenticate the session data/cookie with a MAC in modules/session/mod_session_crypto.c. - CVE-2016-0736 * SECURITY UPDATE: denial of service via malicious mod_auth_digest input - debian/patches/CVE-2016-2161.patch: improve memory handling in modules/aaa/mod_auth_digest.c. - CVE-2016-2161 * SECURITY UPDATE: response splitting and cache pollution issue via incomplete RFC7230 HTTP request grammar enforcing - debian/patches/CVE-2016-8743.patch: enfore stricter parsing in include/http_core.h, include/http_protocol.h, include/httpd.h, modules/http/http_filters.c, server/core.c, server/gen_test_char.c, server/protocol.c, server/util.c, server/vhost.c. - debian/patches/hostnames_with_underscores.diff: relax hostname restrictions in server/vhost.c. - CVE-2016-8743 * WARNING: The fix for CVE-2016-8743 introduces a behavioural change and may introduce compatibility issues with clients that do not strictly follow specifications. A new configuration directive, "HttpProtocolOptions Unsafe" can be used to re-enable some of the less strict parsing restrictions, at the expense of security. Checksums-Sha1: 816399cedabf897e30bfa128bb9e3e0875c86708 988 apache2-bin-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 61ed7b4949e98e31b25f4e028e10c412ed0eae62 802686 apache2-bin_2.4.18-2ubuntu4.1_powerpc.deb a39da6797abcb3cf73cb320116efafb2ad8fc4f6 2123982 apache2-dbg_2.4.18-2ubuntu4.1_powerpc.deb e4084d59e60d149a84c34ca08e2265526111e514 970 apache2-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 28a9b777bd570c585be3c61699672ceafd392103 1106 apache2-dev-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb c071215c919b04edcf19f170d2c84c40fdd75631 172442 apache2-dev_2.4.18-2ubuntu4.1_powerpc.deb 3b30b5ff20aea88ea1a04570546ce1d8b075dc1e 974 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 1718b13474235d9da20e62e2a58c6aa2a36d1ba2 14902 apache2-suexec-custom_2.4.18-2ubuntu4.1_powerpc.deb 84ecab68beecd875819921d5125a512d09ac4f9c 916 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 3fab74d4c007b725395efb10ee921af4af33218c 13356 apache2-suexec-pristine_2.4.18-2ubuntu4.1_powerpc.deb 1c556afc25758aac76c893bf61b268bb64f5ae06 1188 apache2-utils-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb edcbd0ca2d8cbdee77aab1f04a79145a981c477a 83086 apache2-utils_2.4.18-2ubuntu4.1_powerpc.deb 828dbf7afb99e8011f73f4889f66bdb1e184ba67 86344 apache2_2.4.18-2ubuntu4.1_powerpc.deb Checksums-Sha256: afafbeacf1151fa336f96cc6dd6def83731845022a6f187aa74f6b6f00da1af1 988 apache2-bin-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 7a142d4a0e3c5941de9b03b56775b90db0fd3d4338f91eea57a48b0c84cd3fd7 802686 apache2-bin_2.4.18-2ubuntu4.1_powerpc.deb 590b4db2a13cf69203b64798e1d17fc327750d64344cba2b414eb61496f8d6d5 2123982 apache2-dbg_2.4.18-2ubuntu4.1_powerpc.deb 372f5998c1efe6dfd112f505e439b2a1cfedeba2699c48f867a26029380d5f15 970 apache2-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 8a2c25fd7319f8131aba336259e085f60b68cdc60ee9606122d987e37f6de829 1106 apache2-dev-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb cd781679e2dd386a0313a6443adc6e72f11d5d15af2808efd571d74aa080f1a1 172442 apache2-dev_2.4.18-2ubuntu4.1_powerpc.deb b76d87f80f8ba454dc065b82d6e41e98999065c7ead7d99fc9c0bd1c7d2440a9 974 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 854b984c060aa59f2bd4efa7d9bec04907bf4b435da0c0d807c4c454393696c1 14902 apache2-suexec-custom_2.4.18-2ubuntu4.1_powerpc.deb 45351765ba68245f0628cb776bf0a11f4ffb09add205b28d6fd9b06b9d414cb9 916 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 106152ec752460213bfae677a1ad0ee5b3604a9571abbf9e7a67552292b2fee3 13356 apache2-suexec-pristine_2.4.18-2ubuntu4.1_powerpc.deb 57c62e6cf8e7c3796c5bdad0bcabe8a2830446b46d48961d1831daaee8458e71 1188 apache2-utils-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 9ce3db197b92d4d7adef053d01fd57322cf3c7d6e713eed36243837e63efffa9 83086 apache2-utils_2.4.18-2ubuntu4.1_powerpc.deb 570976e7ddfe20bddb3e0fb6c3fc3a73bc8b00f336078c1647a6a18377f18a38 86344 apache2_2.4.18-2ubuntu4.1_powerpc.deb Files: 0616ffbfdd171bf5a0e4b2eb0f08b60f 988 httpd extra apache2-bin-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb b91ed7b9efff44697bd3ad984738ab84 802686 httpd optional apache2-bin_2.4.18-2ubuntu4.1_powerpc.deb b0abf9a1026e00e9d2073d999d2e05a2 2123982 debug extra apache2-dbg_2.4.18-2ubuntu4.1_powerpc.deb 23d13c18441ae224c03ab96051eee214 970 httpd extra apache2-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 0a48dc62c66cca0d7976461615f15979 1106 httpd extra apache2-dev-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 895774e1f64f07d1e37df6b4740c3aca 172442 httpd optional apache2-dev_2.4.18-2ubuntu4.1_powerpc.deb 67df9a27cf170b86ff83f150352397ec 974 httpd extra apache2-suexec-custom-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 08688d4914ec4bc6dde3ec85cebc6572 14902 httpd extra apache2-suexec-custom_2.4.18-2ubuntu4.1_powerpc.deb b35858497582e93cc1a44b46c36e3c94 916 httpd extra apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 7e4b6054db7eb0c60011bc0eaaf0ad9b 13356 httpd optional apache2-suexec-pristine_2.4.18-2ubuntu4.1_powerpc.deb 010ea09e9ad1be7db60945da1b0a8c21 1188 httpd extra apache2-utils-dbgsym_2.4.18-2ubuntu4.1_powerpc.ddeb 46a7a4ca86d5055bac7e3ba29825d896 83086 httpd optional apache2-utils_2.4.18-2ubuntu4.1_powerpc.deb 6ba76027dd07b3678f60b4d4474075b4 86344 httpd optional apache2_2.4.18-2ubuntu4.1_powerpc.deb Original-Maintainer: Debian Apache Maintainers