Format: 1.8 Date: Wed, 03 Apr 2019 08:50:09 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg libapache2-mod-proxy-uwsgi Architecture: ppc64el Version: 2.4.34-1ubuntu2.1 Distribution: cosmic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.34-1ubuntu2.1) cosmic-security; urgency=medium . * SECURITY UPDATE: slowloris DoS in mod_http2 - debian/patches/CVE-2018-17189.patch: change cleanup strategy for slave connections in modules/http2/h2_conn.c. - CVE-2018-17189 * SECURITY UPDATE: mod_session expiry time issue - debian/patches/CVE-2018-17199.patch: always decode session attributes early in modules/session/mod_session.c. - CVE-2018-17199 * SECURITY UPDATE: read-after-free on a string compare in mod_http2 - debian/patches/CVE-2019-0196.patch: disentangelment of stream and request method in modules/http2/h2_request.c. - CVE-2019-0196 * SECURITY UPDATE: privilege escalation from modules' scripts - debian/patches/CVE-2019-0211.patch: bind the bucket number of each child to its slot number in include/scoreboard.h, server/mpm/event/event.c, server/mpm/prefork/prefork.c, server/mpm/worker/worker.c. - CVE-2019-0211 * SECURITY UPDATE: mod_auth_digest access control bypass - debian/patches/CVE-2019-0217.patch: fix a race condition in modules/aaa/mod_auth_digest.c. - CVE-2019-0217 * SECURITY UPDATE: URL normalization inconsistincy - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in the path in include/http_core.h, include/httpd.h, server/core.c, server/request.c, server/util.c. - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety in server/request.c, server/util.c. - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in server/util.c. - CVE-2019-0220 Checksums-Sha1: e27272ff5aece367d94c97ab745aba678f3f13c2 1207332 apache2-bin_2.4.34-1ubuntu2.1_ppc64el.deb f632aea1d78d14bd9dfda14edf89d3e319f410ba 4914608 apache2-dbg_2.4.34-1ubuntu2.1_ppc64el.deb 5ae0d9304afe60b2959efa515e8f48be9e2375d8 179392 apache2-dev_2.4.34-1ubuntu2.1_ppc64el.deb 63ebacce4ccc0e92253e656b4af912da05cd5875 2396 apache2-ssl-dev_2.4.34-1ubuntu2.1_ppc64el.deb 37108d1082b7703ea03126a2b745827393d379a4 15596 apache2-suexec-custom_2.4.34-1ubuntu2.1_ppc64el.deb 9e1c6504120d2fae48d76c2a0f6c9ab08cbeb9f1 14060 apache2-suexec-pristine_2.4.34-1ubuntu2.1_ppc64el.deb 81196cf43b110667b4aae72e08ac5c82e7d95426 90816 apache2-utils_2.4.34-1ubuntu2.1_ppc64el.deb cb4141591b67fb95ecbdb7a4fb1bf0b22bc483a6 10066 apache2_2.4.34-1ubuntu2.1_ppc64el.buildinfo 29b73016c971c9504445c45fa47aa3612682d0e8 95056 apache2_2.4.34-1ubuntu2.1_ppc64el.deb 4ea81e8d9746f8fe9921d5bd7fc63032e320a813 1004 libapache2-mod-proxy-uwsgi_2.4.34-1ubuntu2.1_ppc64el.deb Checksums-Sha256: 303e97680fed5514915b9851ff90a52b11416c441d79dea988faea8055306159 1207332 apache2-bin_2.4.34-1ubuntu2.1_ppc64el.deb 5034da62b57986d2154a5120c03b651a8121ff1f37ec83c49c86f23e4a93f0c7 4914608 apache2-dbg_2.4.34-1ubuntu2.1_ppc64el.deb dc2657668ea180bec7b291e2c4032025317bae95b2576f33e9c57ac39d87faf6 179392 apache2-dev_2.4.34-1ubuntu2.1_ppc64el.deb 485552ad0b4c876e16158da98da707755863cebfd673d6e6c908c06d7e54bb2e 2396 apache2-ssl-dev_2.4.34-1ubuntu2.1_ppc64el.deb 3bbd94ecc5245ac280ef1e5d4da1b3865a9fdafccf1cb7f37338f3aa22e36820 15596 apache2-suexec-custom_2.4.34-1ubuntu2.1_ppc64el.deb 41e38980e8a7b881588a33cc33563999fd645bafde6dbf21fb7d599bf5dd96de 14060 apache2-suexec-pristine_2.4.34-1ubuntu2.1_ppc64el.deb d651ebef3d01a2d17e9c38eb3b9e948e80d3e2481b8858f9cfae0b322e234718 90816 apache2-utils_2.4.34-1ubuntu2.1_ppc64el.deb c8884b22fff2446d3fbf77985ad516297e400605e5293207579ddac24faa4b8b 10066 apache2_2.4.34-1ubuntu2.1_ppc64el.buildinfo da9b206d3ca5c93d5ff2ea2f3a26bb4c6e0fc17ed1c38e31e6a0cef5bab1535b 95056 apache2_2.4.34-1ubuntu2.1_ppc64el.deb a6ae3cf7de90ca7481e573758ea180c4b1ae5921665f000f37e7f518617ca0bb 1004 libapache2-mod-proxy-uwsgi_2.4.34-1ubuntu2.1_ppc64el.deb Files: 1e72198cf3ce9f79a1c6ef23077366f0 1207332 httpd optional apache2-bin_2.4.34-1ubuntu2.1_ppc64el.deb b711c56ce37325a07c2faaa50b5c5bb2 4914608 debug optional apache2-dbg_2.4.34-1ubuntu2.1_ppc64el.deb af1bad677777e8a8216eab649c563dbe 179392 httpd optional apache2-dev_2.4.34-1ubuntu2.1_ppc64el.deb 4f8fcf4c3f0576baff38046fb94a6447 2396 httpd optional apache2-ssl-dev_2.4.34-1ubuntu2.1_ppc64el.deb d9009b5fcae89df04dc1d0a019e6c1cb 15596 httpd optional apache2-suexec-custom_2.4.34-1ubuntu2.1_ppc64el.deb ea65bf1f7c605daf47bf03a69a7b9542 14060 httpd optional apache2-suexec-pristine_2.4.34-1ubuntu2.1_ppc64el.deb a26005bab0bf1c6fe2d72052f9b4f0e1 90816 httpd optional apache2-utils_2.4.34-1ubuntu2.1_ppc64el.deb 6d1aade683c1dd61d83b650eee689842 10066 httpd optional apache2_2.4.34-1ubuntu2.1_ppc64el.buildinfo 9113e67f440dce73554d89dc07aac05c 95056 httpd optional apache2_2.4.34-1ubuntu2.1_ppc64el.deb 223b27935e03d344b85df941fb2fc930 1004 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.34-1ubuntu2.1_ppc64el.deb Original-Maintainer: Debian Apache Maintainers