Format: 1.8 Date: Mon, 26 Jun 2017 07:50:10 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: amd64 all Version: 2.4.25-3ubuntu2.1 Distribution: zesty Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.25-3ubuntu2.1) zesty-security; urgency=medium . * SECURITY UPDATE: authentication bypass in ap_get_basic_auth_pw() - debian/patches/CVE-2017-3167.patch: deprecate and replace ap_get_basic_auth_pw in include/ap_mmn.h, include/http_protocol.h, server/protocol.c, server/request.c. - CVE-2017-3167 * SECURITY UPDATE: NULL pointer deref in ap_hook_process_connection() - debian/patches/CVE-2017-3169.patch: fix ctx passed to ssl_io_filter_error() in modules/ssl/ssl_engine_io.c. - CVE-2017-3169 * SECURITY UPDATE: denial of service and possible incorrect value return in HTTP strict parsing changes - debian/patches/CVE-2017-7668.patch: short-circuit on NULL in server/util.c. - CVE-2017-7668 * SECURITY UPDATE: mod_mime DoS via crafted Content-Type response header - debian/patches/CVE-2017-7679.patch: fix quoted pair scanning in modules/http/mod_mime.c. - CVE-2017-7679 Checksums-Sha1: af069eda905ed0c4818d6af9af3151c850478c58 992 apache2-bin-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb c8896a9d1958337f2402126a96442e76b0ea6806 949402 apache2-bin_2.4.25-3ubuntu2.1_amd64.deb e7583614b8c2750719b6ec2595d95dbdca251bf0 161000 apache2-data_2.4.25-3ubuntu2.1_all.deb 2298499f25236a337fe96e4f695c5f31723522d0 3622676 apache2-dbg_2.4.25-3ubuntu2.1_amd64.deb f11a26c07234548321cf2583f6d773e85fe1544c 978 apache2-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb 6fc5be674be5a41a74104159c3defb6d0cae241b 1112 apache2-dev-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb bbd2dd3a8adde4ca9221cbcea85b9c7ab516033d 176628 apache2-dev_2.4.25-3ubuntu2.1_amd64.deb 45295da9eb12380d199579ab692f0e5ee87f3b02 3633904 apache2-doc_2.4.25-3ubuntu2.1_all.deb ef5b726a7786625b4ca2cc890bcfb1de46683749 988 apache2-ssl-dev-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb a2f13a840235466667d8dc00edf0afdd19331be3 2300 apache2-ssl-dev_2.4.25-3ubuntu2.1_amd64.deb e56f9c4b5040c30c655f044ac82fc62c019c4c0b 980 apache2-suexec-custom-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb 40d465f02cf610c0856008d02a04f453bc9e5e0e 15106 apache2-suexec-custom_2.4.25-3ubuntu2.1_amd64.deb b7db0899382d13f789e7e43c6a3284e656cab43f 924 apache2-suexec-pristine-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb ca1b2d1d9fe1fc13548340d117911835c59936ba 13590 apache2-suexec-pristine_2.4.25-3ubuntu2.1_amd64.deb 5937b40d62ef4cbe0ab2833117e9c95938a98da0 1196 apache2-utils-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb b6469d74aa127e99e6e4c5770febb543a2164bf3 82620 apache2-utils_2.4.25-3ubuntu2.1_amd64.deb e06165bbe2dc6bb1951d4032e99e593231f8b28c 95852 apache2_2.4.25-3ubuntu2.1_amd64.deb Checksums-Sha256: 079153167620d7a7e399c9a51e3d518696e21b33611fb101d19b885242da874e 992 apache2-bin-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb 87872824427e4d93430e2553abd0e0aa1e2b925ca1609e803a59d1fa90004074 949402 apache2-bin_2.4.25-3ubuntu2.1_amd64.deb 89ad7234b4f9d3921cc429f96d0e6e18e548738c7d1c107cd2e378cc0c295afe 161000 apache2-data_2.4.25-3ubuntu2.1_all.deb cae0b715ac00b317c36a9349e1856166c9492d9333c8488d240ab28dd97f1d4e 3622676 apache2-dbg_2.4.25-3ubuntu2.1_amd64.deb e9ed7c1a1ee1e6e1cb6eee0c2da36e03cc0cffb0f5cc433a09e00e11d071968e 978 apache2-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb af16c139e714cdca81dbb202227be6b32cb076e936f4410f5a786a1e4226a740 1112 apache2-dev-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb 293e33cec258c52da4301f5c11aa72a51c3a894046671604169dedaf349a6b60 176628 apache2-dev_2.4.25-3ubuntu2.1_amd64.deb 2f7b65aa8998856b6f3601fd72e11bc244b33dffae0f6252728832a3060d06dd 3633904 apache2-doc_2.4.25-3ubuntu2.1_all.deb 610a9e3499ac18132c967a6dc845e0466c00e1023f91b28749e2ebc157bbc0c4 988 apache2-ssl-dev-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb c80a4b4435fae7d021e8d9413e33d4ed8b771495dd0d69d5c5d30f510308b662 2300 apache2-ssl-dev_2.4.25-3ubuntu2.1_amd64.deb b60fd29d0072231ac9bd1d7c8d2782f79cd95a22f954370efe8e1306813d6b57 980 apache2-suexec-custom-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb 5075603746a26e69810de7ffd50c76f31fc18271dd34eb3a82c4ac5df197ef04 15106 apache2-suexec-custom_2.4.25-3ubuntu2.1_amd64.deb 4e63002651c1a5596beb2a7cf665770f5c45bb229e76c4a15feb8165fc09865b 924 apache2-suexec-pristine-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb 4f1f5a10f888f45752f47383655d7cd315612913a18abfb4dc8c93898ebf9a51 13590 apache2-suexec-pristine_2.4.25-3ubuntu2.1_amd64.deb e25ec5d6321b8c2d956f95beb734e7a14c022a31f680aab6bb0e27cb3b2d6368 1196 apache2-utils-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb a92762e6b31fcba738ec92cee6590f98b4a7893484ef9c2b29dc8dd5dd1af2b7 82620 apache2-utils_2.4.25-3ubuntu2.1_amd64.deb 25b19cb65fd095b8512851a0eef19785dbc18986f0b4e030af288ff4670b9a74 95852 apache2_2.4.25-3ubuntu2.1_amd64.deb Files: 72376c76aa3c02fac16f0298c273a34e 992 httpd extra apache2-bin-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb 9f80dfe3ccd0a058e4793be310e942f2 949402 httpd optional apache2-bin_2.4.25-3ubuntu2.1_amd64.deb 06a5e588a94238ed9f18e3b6e59d3e66 161000 httpd optional apache2-data_2.4.25-3ubuntu2.1_all.deb eb55ea2288e593e6d68b16cb868c5d6c 3622676 debug extra apache2-dbg_2.4.25-3ubuntu2.1_amd64.deb 03eda030e8dbe2f6395f70ec2bee1647 978 httpd extra apache2-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb 40aece448964f2c9089d3ac98c9230e0 1112 httpd extra apache2-dev-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb 57868935e2807da0e9c1c53daa9834ea 176628 httpd optional apache2-dev_2.4.25-3ubuntu2.1_amd64.deb 2f63fbf9bdf8fc6091edb9b8ef1d0604 3633904 doc optional apache2-doc_2.4.25-3ubuntu2.1_all.deb 601feac555aa42d6b334124f621badfe 988 httpd extra apache2-ssl-dev-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb d40faf00a279232f64b8f6be830860c1 2300 httpd optional apache2-ssl-dev_2.4.25-3ubuntu2.1_amd64.deb 2bec613369993e6a8cdb55183f892034 980 httpd extra apache2-suexec-custom-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb 93fa1ef1ef3ef284e71990aa372d7308 15106 httpd extra apache2-suexec-custom_2.4.25-3ubuntu2.1_amd64.deb 443ddd3bb3a039c093a34c65359c49ae 924 httpd extra apache2-suexec-pristine-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb cd23210099009c42d0b80e83074ef5a6 13590 httpd optional apache2-suexec-pristine_2.4.25-3ubuntu2.1_amd64.deb 2122ba048bf9eb0ee2889d8f37d19c54 1196 httpd extra apache2-utils-dbgsym_2.4.25-3ubuntu2.1_amd64.ddeb 7ccd78a7d861977714d8aba793625163 82620 httpd optional apache2-utils_2.4.25-3ubuntu2.1_amd64.deb 2b78194135f61c285f505b9097148e61 95852 httpd optional apache2_2.4.25-3ubuntu2.1_amd64.deb Original-Maintainer: Debian Apache Maintainers