Format: 1.8 Date: Wed, 25 Apr 2018 07:38:24 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: arm64 Version: 2.4.29-1ubuntu4.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium . * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect matching - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312 Checksums-Sha1: 6eb127c600e47d39540a02a3213e81424d16b907 901252 apache2-bin_2.4.29-1ubuntu4.1_arm64.deb 2fa24874338e3bf3e0e8c039bc6bf27098cdad9e 4112144 apache2-dbg_2.4.29-1ubuntu4.1_arm64.deb ec34124c0b726ec42b6e8d3fc296ae34f6d304c9 176844 apache2-dev_2.4.29-1ubuntu4.1_arm64.deb 5e363b803591ee7868e53c98df4decbeaf2c7d1d 2396 apache2-ssl-dev_2.4.29-1ubuntu4.1_arm64.deb b6f6e369c4b4b388c30e91bdaddf28002bf72da7 14832 apache2-suexec-custom_2.4.29-1ubuntu4.1_arm64.deb b90e78f6fdce905a6f8c64b4a7dcaebd5aad4a15 13352 apache2-suexec-pristine_2.4.29-1ubuntu4.1_arm64.deb f355aaf44f00a3348d230751cad30fb0a9a60b6e 78212 apache2-utils_2.4.29-1ubuntu4.1_arm64.deb f8a2a0e86394851d3b9926fa58b55cfd69ee44c4 9639 apache2_2.4.29-1ubuntu4.1_arm64.buildinfo 9e88e10406e0d363ada36173deef22d42efccde1 95116 apache2_2.4.29-1ubuntu4.1_arm64.deb Checksums-Sha256: 1f3999b36a098ab993df3a63290c64db628eb99adf9edd620c797495164f6290 901252 apache2-bin_2.4.29-1ubuntu4.1_arm64.deb 7747cd8edcd9cdd2b1d12aad3518793060cbb22dfc1ff631372b836c30ca4061 4112144 apache2-dbg_2.4.29-1ubuntu4.1_arm64.deb 6a31fbfdcdf9fdcccf0eda5e867c8fe2e8cf668a70414a0c2c9f737d47d5d233 176844 apache2-dev_2.4.29-1ubuntu4.1_arm64.deb 6a530097206de8189d3c90364276c34f72561c9df06902da30aeda013d2b693a 2396 apache2-ssl-dev_2.4.29-1ubuntu4.1_arm64.deb 2360f4f3c82dcb2f6925c8bccc846b86228520b1a29a50bb3f832386bbdc1df1 14832 apache2-suexec-custom_2.4.29-1ubuntu4.1_arm64.deb ce459c4a453a36a9a66042b7e26dfe8e0923ac3c67b4844285dd642b504b6c01 13352 apache2-suexec-pristine_2.4.29-1ubuntu4.1_arm64.deb 378753dd5711cb779b1242b8701db41256b607443317f0977fa1d297a39ed0a8 78212 apache2-utils_2.4.29-1ubuntu4.1_arm64.deb a5eb206e66b024ad6c256f6f329885672ad51d851533ca55310482ff8f33b07e 9639 apache2_2.4.29-1ubuntu4.1_arm64.buildinfo bac853bdc3b61fed0d279200ec6a76b050eb44428e4b794902dad015b7e1384e 95116 apache2_2.4.29-1ubuntu4.1_arm64.deb Files: 6b7950f1ff8998e57dead5702df13fc7 901252 httpd optional apache2-bin_2.4.29-1ubuntu4.1_arm64.deb 19abd97a11338c42cc4ce0321846b2d7 4112144 debug optional apache2-dbg_2.4.29-1ubuntu4.1_arm64.deb a0b6475edf103f39292e6dea73ce5d21 176844 httpd optional apache2-dev_2.4.29-1ubuntu4.1_arm64.deb ddfdb450a0fedc993319e8cb43587543 2396 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.1_arm64.deb 0cb88d0ed8cc67acb34c2f9e87352091 14832 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.1_arm64.deb f82bc8bf137d63584c1130e86773967c 13352 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.1_arm64.deb 554a7de3c37825f1ebf82fe3876b32b5 78212 httpd optional apache2-utils_2.4.29-1ubuntu4.1_arm64.deb c1d7ebc25ab096c98a346a1c7a6681cf 9639 httpd optional apache2_2.4.29-1ubuntu4.1_arm64.buildinfo c992e409ee954a3d26b11742f2427807 95116 httpd optional apache2_2.4.29-1ubuntu4.1_arm64.deb Original-Maintainer: Debian Apache Maintainers