Format: 1.8 Date: Wed, 18 Apr 2018 10:53:04 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: i386 Version: 2.4.18-2ubuntu3.8 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.18-2ubuntu3.8) xenial-security; urgency=medium . * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect matching - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to include/httpd.h, server/util.c. - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312 Checksums-Sha1: bb7d280e56cf9d57df3fc2f05d48365209c59632 992 apache2-bin-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 2c6da538212604c80311b5bd0c8e9c959ece15d7 987832 apache2-bin_2.4.18-2ubuntu3.8_i386.deb 9da2d32fc34b8a88e0da5c35930e1073b5ded48a 1778942 apache2-dbg_2.4.18-2ubuntu3.8_i386.deb c439286e27ca31331d75353121ba52410a6ce533 970 apache2-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 53dc01e8b28c08e0fce0846fa39c0b8c99419b09 1112 apache2-dev-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 892d9c93031ead187e42cf73fd68b148a331b025 173164 apache2-dev_2.4.18-2ubuntu3.8_i386.deb f9acf39de0155393a108dc77adc191b65c893f2a 976 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 950ddc91801a38b35529f6b03fe0eafcd3b0ac6b 15088 apache2-suexec-custom_2.4.18-2ubuntu3.8_i386.deb 9b1b067008fee00174b8f5fe7d491d31de876dab 920 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 6e3ff62987258b521326b89dd3fc32432b604f4b 13580 apache2-suexec-pristine_2.4.18-2ubuntu3.8_i386.deb 8fbece74921425b86f1c1fadc6ae915cfdb8433f 1194 apache2-utils-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 4fa546e0ceeb11234f17e8b32cdd9f14cacd68a3 86824 apache2-utils_2.4.18-2ubuntu3.8_i386.deb 95fa3695fe8e2c2b93c5b15098661cedbc57c8ee 86812 apache2_2.4.18-2ubuntu3.8_i386.deb Checksums-Sha256: aee717343904266ae8dea1ed57b641e1fca0e5c89c8fb0fb2d61ad3685403ff3 992 apache2-bin-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 9e7a51a3e7166be96c702d12ab3666d334ae3ce4dfbb6a9118a1aa8349b4d369 987832 apache2-bin_2.4.18-2ubuntu3.8_i386.deb 738f842d3cffd5011b326235ff51f076dab7c15a5a99c0370e3197219db4dcc0 1778942 apache2-dbg_2.4.18-2ubuntu3.8_i386.deb 6e159a16848345d7fcb81ff91371645db17758a1812ab7cdbdeecce3b0f676cb 970 apache2-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 521572e744c1d198fdf804e7577375e89a178bcf20fc1fd9394a58c8399ed6f5 1112 apache2-dev-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 611e44982e71d41c2c9e03e9c4a8c902eefe86eaf4be5f4be3df3f2ba31994b2 173164 apache2-dev_2.4.18-2ubuntu3.8_i386.deb f7123c0bd855f2aa7c848452949d73aa93a4f6bd886d7503d872a8dcb448f749 976 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 4c02d3988bd702df51012c59b034ceea3a9c91c78a8f6e55840491ea5c3cf568 15088 apache2-suexec-custom_2.4.18-2ubuntu3.8_i386.deb e44b36d721266608b45b878665b4513fd6857ae4b5621784744323cd30135683 920 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb fd6ea6a83851898d1b025b52a1ec6171d731fef6038233cfe69ac1e553c18c8c 13580 apache2-suexec-pristine_2.4.18-2ubuntu3.8_i386.deb 4de2da83f7871984157a4f69f17fbd4eb740494065c60365591613f1ad275973 1194 apache2-utils-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 75b24a6a2975e2f73670bc770b03fc513859b1152f2a953299c62ef5136d8350 86824 apache2-utils_2.4.18-2ubuntu3.8_i386.deb 8ab5f79f55b689c499a54aa42ad450af39fa335876b14d0aaed73fe12542412b 86812 apache2_2.4.18-2ubuntu3.8_i386.deb Files: d30c2a82801a4a5b771b266d478b6434 992 httpd extra apache2-bin-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 7f33d15b9351df0a2fe64f1eadd76e46 987832 httpd optional apache2-bin_2.4.18-2ubuntu3.8_i386.deb f6ced73d111e65679eeae26414a234ec 1778942 debug extra apache2-dbg_2.4.18-2ubuntu3.8_i386.deb 88990b5ff70668b8510aa37a143efbe1 970 httpd extra apache2-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 846e11c85edb28d4ad9dcee5f8f86030 1112 httpd extra apache2-dev-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 16aed065490104e3a8bb9bbe044b6f22 173164 httpd optional apache2-dev_2.4.18-2ubuntu3.8_i386.deb b77c75bcf77af310772070e4424dad3b 976 httpd extra apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 08b170c84c7c4303420c02f70a57f335 15088 httpd extra apache2-suexec-custom_2.4.18-2ubuntu3.8_i386.deb 4bdb97464e21aa8af234646a3df8f91b 920 httpd extra apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb cb4d565e2a8da44a9264502c1658801a 13580 httpd optional apache2-suexec-pristine_2.4.18-2ubuntu3.8_i386.deb 1fba063628384f991c5429982fc0af18 1194 httpd extra apache2-utils-dbgsym_2.4.18-2ubuntu3.8_i386.ddeb 4bee5e76a2ebff1f274457fcc4e81c59 86824 httpd optional apache2-utils_2.4.18-2ubuntu3.8_i386.deb 4a4177bb47af6787946aa59ff9608f51 86812 httpd optional apache2_2.4.18-2ubuntu3.8_i386.deb Original-Maintainer: Debian Apache Maintainers