Format: 1.8 Date: Wed, 25 Apr 2018 07:38:24 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: ppc64el Version: 2.4.29-1ubuntu4.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium . * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect matching - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312 Checksums-Sha1: c8d9b125a1e676118edc40ad6cd62fbe46be1674 1095728 apache2-bin_2.4.29-1ubuntu4.1_ppc64el.deb 56ad0aa4a75c5f8f979434a5ee7beb04ae1c3af7 4452288 apache2-dbg_2.4.29-1ubuntu4.1_ppc64el.deb cbd9b5cb5c2ba489bf5f7508b9ae6a5a87e88d69 176852 apache2-dev_2.4.29-1ubuntu4.1_ppc64el.deb ee3b84041ed72d4eaa070859530425340164ee14 2400 apache2-ssl-dev_2.4.29-1ubuntu4.1_ppc64el.deb 2fc206d40779e1863aea8e1b03eddebaed15f6f4 15176 apache2-suexec-custom_2.4.29-1ubuntu4.1_ppc64el.deb cc49e89cfb018ce985722bcaab9233ea105f9b58 13632 apache2-suexec-pristine_2.4.29-1ubuntu4.1_ppc64el.deb 9151eb54e64b1ad94055dfb293936c8827c7f61e 84596 apache2-utils_2.4.29-1ubuntu4.1_ppc64el.deb 6518850a15a1e893104da71dfe94b1e343b0b391 9698 apache2_2.4.29-1ubuntu4.1_ppc64el.buildinfo 8da09b073173f5f0c8609133b9d99a2bf1a50773 95120 apache2_2.4.29-1ubuntu4.1_ppc64el.deb Checksums-Sha256: be0809082c501f7e36f49d936362fbcde66fc1d92b1b7faa2ee8ed650c279780 1095728 apache2-bin_2.4.29-1ubuntu4.1_ppc64el.deb 3b7e7ba75d98e15c5b1036f754e07ea1da7c8104760d88d56ad2680dad33f454 4452288 apache2-dbg_2.4.29-1ubuntu4.1_ppc64el.deb 6b5028a5fbb9cb9b5ed9d9370a62c213029996bc809dc948edc6c2628306bb05 176852 apache2-dev_2.4.29-1ubuntu4.1_ppc64el.deb 3eefc3167151d68528e1d68c8e4b3cae3684693625fe44cc2fd61ef661f52366 2400 apache2-ssl-dev_2.4.29-1ubuntu4.1_ppc64el.deb b8bbd73d1a1907b8f9b696cd22d2e268e90cbf6e44632d0044b9e77d68133da5 15176 apache2-suexec-custom_2.4.29-1ubuntu4.1_ppc64el.deb 627720084dfaa81c29ec7a902b09240df67cc75eb23da3bc2ae68bdadafed9dc 13632 apache2-suexec-pristine_2.4.29-1ubuntu4.1_ppc64el.deb f95ff382b27c99b857feb4c2252891cfcd7c072809da96050e67a31341f9a9f4 84596 apache2-utils_2.4.29-1ubuntu4.1_ppc64el.deb 8574c0373f244b3705913eaf8fefca7bb5a4e20eda0ac74d7b148851721ed72f 9698 apache2_2.4.29-1ubuntu4.1_ppc64el.buildinfo a42a7139763b963ecb09a605c4e87c013ffa9a03344d2776c925af06ccd9ad1c 95120 apache2_2.4.29-1ubuntu4.1_ppc64el.deb Files: e8665bfd3be0c4cbd5adddaa157b43ce 1095728 httpd optional apache2-bin_2.4.29-1ubuntu4.1_ppc64el.deb 4469cc7080ecf7ad010831d95b22b232 4452288 debug optional apache2-dbg_2.4.29-1ubuntu4.1_ppc64el.deb c80bc688b977dfb13b7eb8fea6611c28 176852 httpd optional apache2-dev_2.4.29-1ubuntu4.1_ppc64el.deb b3d14c1141d6fd2a80e389edcecf0463 2400 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.1_ppc64el.deb 5ab3c4537060d63ac497c20d812787ba 15176 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.1_ppc64el.deb 069707999b63e85bce7ca67fdc27706a 13632 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.1_ppc64el.deb afc9ef4bc2bbee9161b9d5691b219e3c 84596 httpd optional apache2-utils_2.4.29-1ubuntu4.1_ppc64el.deb 9bbdad512a162ea12a4b56c6fe547fd5 9698 httpd optional apache2_2.4.29-1ubuntu4.1_ppc64el.buildinfo 97e90e807580ed8605a312a641147705 95120 httpd optional apache2_2.4.29-1ubuntu4.1_ppc64el.deb Original-Maintainer: Debian Apache Maintainers