Format: 1.8 Date: Wed, 18 Apr 2018 10:53:04 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: ppc64el Version: 2.4.18-2ubuntu3.8 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.18-2ubuntu3.8) xenial-security; urgency=medium . * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect matching - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to include/httpd.h, server/util.c. - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312 Checksums-Sha1: 7df58fd2fdb6aa4938161d4464a70f568eb32910 992 apache2-bin-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb 2ea5aa24e1b889f7b157bee908a753025e934633 882144 apache2-bin_2.4.18-2ubuntu3.8_ppc64el.deb 80391978dfb69c408d7a8603ab04a7695aa22551 2244618 apache2-dbg_2.4.18-2ubuntu3.8_ppc64el.deb 313c7d3b0af1aebdec80ab11ac08325625e32449 976 apache2-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb 4f273df83261dcffe41917858ae389bf4e049eae 1110 apache2-dev-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb 77f16c47d62d1b46af7149e003d4970acecb670c 173166 apache2-dev_2.4.18-2ubuntu3.8_ppc64el.deb 8e9ed7e5689d21ac44feabd28863847361093b1d 978 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb f0edd7e3e78aa995cd2443ed521073e3ef3edece 15200 apache2-suexec-custom_2.4.18-2ubuntu3.8_ppc64el.deb 274544706aaac8fa7e0a43ebf3210fb9da9913d9 920 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb ae208f70caffcf998c8a211987bee846780e08fb 13646 apache2-suexec-pristine_2.4.18-2ubuntu3.8_ppc64el.deb 269f9bcf7a3e22bc87052df1cd156b4ad5bf1d91 1194 apache2-utils-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb 837adee7599f94461e9455e571b58348cafe2e27 81418 apache2-utils_2.4.18-2ubuntu3.8_ppc64el.deb efba85c818ea1960a4c2121bc19286067ad4d015 86500 apache2_2.4.18-2ubuntu3.8_ppc64el.deb Checksums-Sha256: affed4a7b6557f6f2b45bc8d39ac1ed28eef5e4fb008fa88b9ab5ee8e2e4c07f 992 apache2-bin-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb d4e962c0f9c0f1b624c36c574f4dc439e080f81a9df344659f703075da67daa0 882144 apache2-bin_2.4.18-2ubuntu3.8_ppc64el.deb eec8075cc91c46be39b836ddc10407a324a9479c0382afd18cde2a51226b2f47 2244618 apache2-dbg_2.4.18-2ubuntu3.8_ppc64el.deb 3e74a888ba6d2f2548f703b390bbc68d2dd750dc1c331ec0c6597fc5365c7d8f 976 apache2-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb 1e6c4e905b0c32ae56a89bc26bcde74419334af651299a28ad4c674d8dc66189 1110 apache2-dev-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb 933e746034d534bbaaa7cc4d57fe4e5c1a49b9fb2afc7e71e058babad3a601c9 173166 apache2-dev_2.4.18-2ubuntu3.8_ppc64el.deb 272991601357de982c5a3fda7dafd8ebf1da23e44a9bf299a9dc0049610f5cae 978 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb 810c5f5b58021b09bb1f752ab347730896f194aacb246533654d8a4cbb65eb9d 15200 apache2-suexec-custom_2.4.18-2ubuntu3.8_ppc64el.deb bd9d7b839ac956f2b6c9f07c242ba7dc3d37749593a231caad9bc31e79a0b36f 920 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb e473c6f2f3d95bd8521e8dce36b34b1b493eceb8da060b78bda1d7a67cf23732 13646 apache2-suexec-pristine_2.4.18-2ubuntu3.8_ppc64el.deb d6c8f9aafa7763f04b06a8df2c03ea05645f8863ee14520f350551072429cb3c 1194 apache2-utils-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb 16dfc35fb884abf62710dbaf3d005533a430518dd8d6451e0646aa71872ce7d1 81418 apache2-utils_2.4.18-2ubuntu3.8_ppc64el.deb c20421b79a6646e821cb328c02b85068176b05a9362eaab6299492ae48667f74 86500 apache2_2.4.18-2ubuntu3.8_ppc64el.deb Files: 621fd00fec7a4411173a7e1e5f87f445 992 httpd extra apache2-bin-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb 6995ac17a58f9e16d4ebe4ebf88b6d02 882144 httpd optional apache2-bin_2.4.18-2ubuntu3.8_ppc64el.deb 1ed91da155254918a4e4ec732f698912 2244618 debug extra apache2-dbg_2.4.18-2ubuntu3.8_ppc64el.deb 241ad81307e31b827ceb0032289f6584 976 httpd extra apache2-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb 9ee498ef32ec568a021853253129b1ca 1110 httpd extra apache2-dev-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb 64adb38a8c25e112a4899295ae955ef4 173166 httpd optional apache2-dev_2.4.18-2ubuntu3.8_ppc64el.deb fa438fb5f10d67fcd540a5c7ab35d782 978 httpd extra apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb dcaacfb9161374bf9f3feeaca1b4c7c5 15200 httpd extra apache2-suexec-custom_2.4.18-2ubuntu3.8_ppc64el.deb 06fdc8aef80fefc2b191586a7f2f9f8e 920 httpd extra apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb 45a30c85e37e0a5067de8ab0dd652e15 13646 httpd optional apache2-suexec-pristine_2.4.18-2ubuntu3.8_ppc64el.deb 1d6fd2b690fd7b1ac8ad588409205efb 1194 httpd extra apache2-utils-dbgsym_2.4.18-2ubuntu3.8_ppc64el.ddeb d4cff09cc44dead5f620dfcb53ce7d49 81418 httpd optional apache2-utils_2.4.18-2ubuntu3.8_ppc64el.deb ad446b8eef31abf277da1afcd955a634 86500 httpd optional apache2_2.4.18-2ubuntu3.8_ppc64el.deb Original-Maintainer: Debian Apache Maintainers