Format: 1.8 Date: Wed, 18 Apr 2018 10:53:04 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: arm64 Version: 2.4.18-2ubuntu3.8 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.18-2ubuntu3.8) xenial-security; urgency=medium . * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect matching - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to include/httpd.h, server/util.c. - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312 Checksums-Sha1: 2805b1d82792450e2fee04be6a668f096ae5e4d9 992 apache2-bin-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb bbfc49e28bca0ef827523d5ece33d6869b197ce1 771264 apache2-bin_2.4.18-2ubuntu3.8_arm64.deb b65d15a7ec2fa5559eb6ad8c8ddaa13f6ae1d8eb 2061598 apache2-dbg_2.4.18-2ubuntu3.8_arm64.deb b6a0f6256c51696ad49b86ef17bb80a5f4548dea 974 apache2-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb 6b70c9beeedae881830ca5931bf19b883c503edd 1112 apache2-dev-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb 9f6071289667e09ab6c5392a6df806b4fab91959 173086 apache2-dev_2.4.18-2ubuntu3.8_arm64.deb 4d3fceb480d97ec054cfcbf150c28e80b2e873fb 976 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb b4c2def40029d03cb7234bb11f3800609cace374 14932 apache2-suexec-custom_2.4.18-2ubuntu3.8_arm64.deb 225ad29bece3d9b4c345e7b5418128c22ac9d751 922 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb de19e59c9d81e940dfaf7b4428c1275a7a6237f0 13450 apache2-suexec-pristine_2.4.18-2ubuntu3.8_arm64.deb 5c1cc49b0825f85a3a58d36c9a0b21125a9f4f7d 1196 apache2-utils-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb af5541c71bfbf5b4349ed385fae9e5b5dbed07cc 78350 apache2-utils_2.4.18-2ubuntu3.8_arm64.deb ee7b867ab8ff4a251bb458320cdfde2142abcba4 86676 apache2_2.4.18-2ubuntu3.8_arm64.deb Checksums-Sha256: 41eec42b4d3cfb19be0db3e44ea5e3803b4464039d6915623235306a4fd6a0fa 992 apache2-bin-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb ec773d6e992c644e4ca3d1e8610aed0196ae28713d51417e8029e2e10e000af6 771264 apache2-bin_2.4.18-2ubuntu3.8_arm64.deb fb37b3c1dc9a65cc45ce5c41c4d59e0e4116aebd75f2889a9e16ad2a0f7edcc2 2061598 apache2-dbg_2.4.18-2ubuntu3.8_arm64.deb ef25db5c344bd43091263e77c2e5fbb4d1f7ac1d96da2274d73bf0be5d3c3a42 974 apache2-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb 8cc4423e61b6d3ef222883023437e88b5dba7405519d2151fa1f02bd62d225a3 1112 apache2-dev-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb f6ecec31c756afe486281b0f3924a04cbecfb2bb072da9270730aa8ec7d58aab 173086 apache2-dev_2.4.18-2ubuntu3.8_arm64.deb 3e4f2dda8f7d64dd299b03e51d36360af55fe421f6c5caaf615483a0dc58ce5d 976 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb e169141976d40ab9cd0cb8e3cb43221d0dc1cbcd7cf37ec07d033033e21deabe 14932 apache2-suexec-custom_2.4.18-2ubuntu3.8_arm64.deb 1cabef8bd210eb68b1a9f2863b6873c98fa5b7161db6b632f695de88d5b42450 922 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb 795cc0d279f2b87536afd0fe8876a682f97c2c82d179621057f32de31acbc8ec 13450 apache2-suexec-pristine_2.4.18-2ubuntu3.8_arm64.deb 0b0fbf1128248cfe744a8a02598acf05ad18d176c1e5d9e5898c534281b91b67 1196 apache2-utils-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb 3fc51ca1c5537bd10de47dea8bbe0806a367ed9f513a818b4d36c7594af8e25a 78350 apache2-utils_2.4.18-2ubuntu3.8_arm64.deb 8a8b8ec970c6b3947a74932fbfcaef842174d998fd835077e56e7da6674f47d6 86676 apache2_2.4.18-2ubuntu3.8_arm64.deb Files: a4885ec36f1dbc292b49644e6cb8b57f 992 httpd extra apache2-bin-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb 822c1488465984a099c70761b3436875 771264 httpd optional apache2-bin_2.4.18-2ubuntu3.8_arm64.deb 4ac21d3244dbcac2bedade650270fa1c 2061598 debug extra apache2-dbg_2.4.18-2ubuntu3.8_arm64.deb 164653a23d794f2c81569b5991be7e42 974 httpd extra apache2-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb 419e28227b84447d88faa5b2db66d11e 1112 httpd extra apache2-dev-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb eb8191a12810aa3a96041cf1f2b884dc 173086 httpd optional apache2-dev_2.4.18-2ubuntu3.8_arm64.deb cd80940b658115066bdb8ac1f6b2e2c0 976 httpd extra apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb 6f2c4f5c7b2b99b05763b4cd236d9f2e 14932 httpd extra apache2-suexec-custom_2.4.18-2ubuntu3.8_arm64.deb 93f4c204a3dff8cd2344e40f0ce399f3 922 httpd extra apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb fc91cb00b67e18056178060f907b9369 13450 httpd optional apache2-suexec-pristine_2.4.18-2ubuntu3.8_arm64.deb 62f48fedaedda941fe0413363e6f9824 1196 httpd extra apache2-utils-dbgsym_2.4.18-2ubuntu3.8_arm64.ddeb 876ab6850629211fd8dd0fe9bb8aa07a 78350 httpd optional apache2-utils_2.4.18-2ubuntu3.8_arm64.deb bad59fe3ba1298d87cb3ad4eb0e5e4ba 86676 httpd optional apache2_2.4.18-2ubuntu3.8_arm64.deb Original-Maintainer: Debian Apache Maintainers