Format: 1.8 Date: Fri, 05 May 2017 12:32:00 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: powerpc Version: 2.4.18-2ubuntu3.2 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.18-2ubuntu3.2) xenial-security; urgency=medium . * SECURITY UPDATE: mod_sessioncrypto padding oracle attack issue - debian/patches/CVE-2016-0736.patch: authenticate the session data/cookie with a MAC in modules/session/mod_session_crypto.c. - CVE-2016-0736 * SECURITY UPDATE: denial of service via malicious mod_auth_digest input - debian/patches/CVE-2016-2161.patch: improve memory handling in modules/aaa/mod_auth_digest.c. - CVE-2016-2161 * SECURITY UPDATE: response splitting and cache pollution issue via incomplete RFC7230 HTTP request grammar enforcing - debian/patches/CVE-2016-8743.patch: enfore stricter parsing in include/http_core.h, include/http_protocol.h, include/httpd.h, modules/http/http_filters.c, server/core.c, server/gen_test_char.c, server/protocol.c, server/util.c, server/vhost.c. - debian/patches/hostnames_with_underscores.diff: relax hostname restrictions in server/vhost.c. - CVE-2016-8743 * WARNING: The fix for CVE-2016-8743 introduces a behavioural change and may introduce compatibility issues with clients that do not strictly follow specifications. A new configuration directive, "HttpProtocolOptions Unsafe" can be used to re-enable some of the less strict parsing restrictions, at the expense of security. Checksums-Sha1: d18114fbcc59d4008e17eaf3d7f9f233458fd181 996 apache2-bin-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb ebdb16d3c5aac276f1710010678faac35a8d3829 806144 apache2-bin_2.4.18-2ubuntu3.2_powerpc.deb 3d9bac2bc14915fff41bf4eacaf9a7b3efa82162 1994110 apache2-dbg_2.4.18-2ubuntu3.2_powerpc.deb 2ca70554e66d13173069347490056fbbdaaedfb6 972 apache2-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb c451fe6c380d87e804ade18a88d40f5f48070550 1110 apache2-dev-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 7b36f896406b27db3b449ec7055ac6e042508889 171968 apache2-dev_2.4.18-2ubuntu3.2_powerpc.deb 73d85e24e97ef2a05bedec69e3c7d2a43f343320 976 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 8514ec5bd5cab0daf80d899a09eddc15bb081cdd 14974 apache2-suexec-custom_2.4.18-2ubuntu3.2_powerpc.deb 4ca5bc08ad96ac0f15ae6ef9277ee81ce6de5c86 920 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 9e4b399aaddbd68a8b2f1eb843c8739d99ce29e8 13430 apache2-suexec-pristine_2.4.18-2ubuntu3.2_powerpc.deb 540e2fecfe15b39d3ed3ee881255b29edd09c57b 1196 apache2-utils-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 138a011327f554c54932fa2917266f248b2ade41 83650 apache2-utils_2.4.18-2ubuntu3.2_powerpc.deb e18835fd4bb059bc8be81e093c6804095f4df108 86888 apache2_2.4.18-2ubuntu3.2_powerpc.deb Checksums-Sha256: 594c5ee9074380b7a9aefab8ce4af4c15201cc069071f3dc7309c60b1b84587d 996 apache2-bin-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 18a6de568d3ebffe2ba1216d2110b6747100d6697cdccac1ed31bdacc362474b 806144 apache2-bin_2.4.18-2ubuntu3.2_powerpc.deb 32631453ece8fda527a868d8ec50fa8f35c13435914531a53c0e32dc45e62297 1994110 apache2-dbg_2.4.18-2ubuntu3.2_powerpc.deb 9532a5541f401009d768c9d2e6e28f349ec7f835a7217b1fb18ead1354ea08a8 972 apache2-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 4598cd7f62295906c5dde918fd93dee5cb1746d9674b8ce6e347422e1009ea46 1110 apache2-dev-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb f0816387fe77090f2bff62e263db20715b371cdccf921691c748f78deeaeb29c 171968 apache2-dev_2.4.18-2ubuntu3.2_powerpc.deb dd863540c1e2cde6e9f65f79449e72d9342304a27b695aa4fc0cf71d83205899 976 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 97dd448ae99bc045fe2e93108bcf32a47e8246c58654399a0585e64334eba5d7 14974 apache2-suexec-custom_2.4.18-2ubuntu3.2_powerpc.deb c6efcf936f5eeff6e545319a9ad9945d74f997efc3d08ec19f8b30dddc69cdc3 920 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 91f47245d09950b49bb6619951e4affeab2e3afe504c1f0441a207036efed2e1 13430 apache2-suexec-pristine_2.4.18-2ubuntu3.2_powerpc.deb e7abef22f664fc6cc6abf7c751b47ce51a7040d8cca332070669dac18f78a054 1196 apache2-utils-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 67c3105ed38be64a9b5c90904719a3508a6282c2a275644c220dc3b47a28b78f 83650 apache2-utils_2.4.18-2ubuntu3.2_powerpc.deb fe00debcc8f3845f0af30698969f6352c0ad44b20f60f8db535a617408465069 86888 apache2_2.4.18-2ubuntu3.2_powerpc.deb Files: ff037de46f74ee7fd7d6366257396f99 996 httpd extra apache2-bin-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 10a19c83d9c6b122aea70cb5a55e60b4 806144 httpd optional apache2-bin_2.4.18-2ubuntu3.2_powerpc.deb dcc09c91956f546c3ef7238b1c681433 1994110 debug extra apache2-dbg_2.4.18-2ubuntu3.2_powerpc.deb 01b05c4a1dbf44182d9ff550947ba98e 972 httpd extra apache2-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 8e785976a175f9367dcbe845db4a17a1 1110 httpd extra apache2-dev-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 42931705c31653cb68d518972adcfdb4 171968 httpd optional apache2-dev_2.4.18-2ubuntu3.2_powerpc.deb 6d26a2218dd7a0b01cdbe059f220d509 976 httpd extra apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb b45e46fff937b76cbbc9810db1a45fb0 14974 httpd extra apache2-suexec-custom_2.4.18-2ubuntu3.2_powerpc.deb 7f1c3841d829a771c93647860d291631 920 httpd extra apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb beaa6f9aa5f210c5ec1dafc2326e9503 13430 httpd optional apache2-suexec-pristine_2.4.18-2ubuntu3.2_powerpc.deb bd040fd3f7502023dfed80550fa54434 1196 httpd extra apache2-utils-dbgsym_2.4.18-2ubuntu3.2_powerpc.ddeb 474b7788284a1c49e516226d49023911 83650 httpd optional apache2-utils_2.4.18-2ubuntu3.2_powerpc.deb b86fc711cf934ab066adfb9eec783ae7 86888 httpd optional apache2_2.4.18-2ubuntu3.2_powerpc.deb Original-Maintainer: Debian Apache Maintainers