Format: 1.8 Date: Fri, 05 May 2017 10:51:32 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: ppc64el Version: 2.4.18-2ubuntu4.1 Distribution: yakkety Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.18-2ubuntu4.1) yakkety-security; urgency=medium . * SECURITY UPDATE: mod_sessioncrypto padding oracle attack issue - debian/patches/CVE-2016-0736.patch: authenticate the session data/cookie with a MAC in modules/session/mod_session_crypto.c. - CVE-2016-0736 * SECURITY UPDATE: denial of service via malicious mod_auth_digest input - debian/patches/CVE-2016-2161.patch: improve memory handling in modules/aaa/mod_auth_digest.c. - CVE-2016-2161 * SECURITY UPDATE: response splitting and cache pollution issue via incomplete RFC7230 HTTP request grammar enforcing - debian/patches/CVE-2016-8743.patch: enfore stricter parsing in include/http_core.h, include/http_protocol.h, include/httpd.h, modules/http/http_filters.c, server/core.c, server/gen_test_char.c, server/protocol.c, server/util.c, server/vhost.c. - debian/patches/hostnames_with_underscores.diff: relax hostname restrictions in server/vhost.c. - CVE-2016-8743 * WARNING: The fix for CVE-2016-8743 introduces a behavioural change and may introduce compatibility issues with clients that do not strictly follow specifications. A new configuration directive, "HttpProtocolOptions Unsafe" can be used to re-enable some of the less strict parsing restrictions, at the expense of security. Checksums-Sha1: 8b834b4f95c553fad5bb524686a3a514896f7182 986 apache2-bin-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb 33cbfe1f1097ee9000ca25e1efb3c1a0b150c0d4 871530 apache2-bin_2.4.18-2ubuntu4.1_ppc64el.deb c0552a9a3ebbc25bac5a997252b503d2bb6b5d04 2363374 apache2-dbg_2.4.18-2ubuntu4.1_ppc64el.deb 8e7e0c733be9e00261fbc2b16c15085c9f60f2f3 970 apache2-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb 27a25b81cae50ff0a6625f02c4cd720431b4b60c 1106 apache2-dev-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb ac7157816db4b3f311a25479473829bf6ca95ea8 172434 apache2-dev_2.4.18-2ubuntu4.1_ppc64el.deb 832b57e8adfe42d253a5375f38b6ef8a16549ca1 974 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb 8f5de3a97319a9c80294eb818084556178e6c291 15076 apache2-suexec-custom_2.4.18-2ubuntu4.1_ppc64el.deb 1120625805bb078bb91411f1d4f6076f2b85457e 916 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb fab3def55093072cdb99da2d2b02ead7766ab03a 13540 apache2-suexec-pristine_2.4.18-2ubuntu4.1_ppc64el.deb 084d3073bc95936c49eabb8b9aed84e72ee09c09 1190 apache2-utils-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb c13d37275d6ba51251a0330a6f604971d5e9dd6b 80192 apache2-utils_2.4.18-2ubuntu4.1_ppc64el.deb 547b578cb9bfefa945e87c7e59ed7a2c0dff0ede 86344 apache2_2.4.18-2ubuntu4.1_ppc64el.deb Checksums-Sha256: 66f9a67821b53830bdeb96e88deb5bd16282f39a4d22b0e09027b02a8b4b2205 986 apache2-bin-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb c780fcf78dfd7b839b61e35284992d544f1803571198187611aa64250948a1f9 871530 apache2-bin_2.4.18-2ubuntu4.1_ppc64el.deb c87b8737c2a8f0513a7aa5aa410d15e4b9e5e92d47eae041b4eec4d57c122e70 2363374 apache2-dbg_2.4.18-2ubuntu4.1_ppc64el.deb ee8b81fefa1ab2b3167f9648c4027998bc38c6452dc1c550ea26e9c1b0cc73e3 970 apache2-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb 55460f57b60063ea9827888ceb2bb42543443c59b18afcc7d40ae746b2f63a3e 1106 apache2-dev-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb e12ad1648d657d19d7d9b98170e7790aae15b256ba4f7553a5806ca1a37c05b8 172434 apache2-dev_2.4.18-2ubuntu4.1_ppc64el.deb 24742453c2517ff6c9d758b9f3edd1121fd9d2d560f04ccfc9c18a3a95412bb1 974 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb 91a364b31f3346592def58f769e6f7acdcfc985f799c37da1d2d9eac3f2f1717 15076 apache2-suexec-custom_2.4.18-2ubuntu4.1_ppc64el.deb 246cf6a10558fb7925ee71095b17d23220cf8ba628e2f3ff300448a9b4eebb4a 916 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb e1603ae9242a332fde150576b0aeb9abcbeb951134a782b73187b6c4c1eb54db 13540 apache2-suexec-pristine_2.4.18-2ubuntu4.1_ppc64el.deb 6562b97df8cb7167d00472ddb4cfe15782ed8f69231b015c1df4bc8c1350954f 1190 apache2-utils-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb 4ad966e6cc41125b21cbc10db9a0ec369e157ccfb30080571b52dfce6c2c853a 80192 apache2-utils_2.4.18-2ubuntu4.1_ppc64el.deb 105db5e5f221c0680b55d442b4b411560fd80fe7de989fbfcd084f21ee6e705d 86344 apache2_2.4.18-2ubuntu4.1_ppc64el.deb Files: 7dbc36ed4b71a74e554db35e5c1fecc7 986 httpd extra apache2-bin-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb 54195c17bed2234c8705c989d3133f8b 871530 httpd optional apache2-bin_2.4.18-2ubuntu4.1_ppc64el.deb 04c08a92a74de6827b66c68bc3897131 2363374 debug extra apache2-dbg_2.4.18-2ubuntu4.1_ppc64el.deb e2ef5d02299539b7ee2272bd94f4d476 970 httpd extra apache2-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb a20bc58770c32462f16ee50063e92225 1106 httpd extra apache2-dev-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb 38a3d9547052e59859ec76e958fb4aba 172434 httpd optional apache2-dev_2.4.18-2ubuntu4.1_ppc64el.deb 8f7a34d935bedb151fa214e7074b1641 974 httpd extra apache2-suexec-custom-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb 7d557eed978af5c63d85ec054b20e33d 15076 httpd extra apache2-suexec-custom_2.4.18-2ubuntu4.1_ppc64el.deb b3ff3b18fa09dd118ab249152bb02ac5 916 httpd extra apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb 29f43440e6caa6bd17bde9c780c45207 13540 httpd optional apache2-suexec-pristine_2.4.18-2ubuntu4.1_ppc64el.deb 37aebaac36d98df48b2c3f4cb96b9015 1190 httpd extra apache2-utils-dbgsym_2.4.18-2ubuntu4.1_ppc64el.ddeb af0bd0d8fb9faf3a6466fd2bac625c47 80192 httpd optional apache2-utils_2.4.18-2ubuntu4.1_ppc64el.deb b386155fcf4ef70c07806819323f1199 86344 httpd optional apache2_2.4.18-2ubuntu4.1_ppc64el.deb Original-Maintainer: Debian Apache Maintainers