Format: 1.8 Date: Wed, 03 Apr 2019 09:34:47 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: s390x Version: 2.4.18-2ubuntu3.10 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.18-2ubuntu3.10) xenial-security; urgency=medium . * SECURITY UPDATE: mod_session expiry time issue - debian/patches/CVE-2018-17199.patch: always decode session attributes early in modules/session/mod_session.c. - CVE-2018-17199 * SECURITY UPDATE: privilege escalation from modules' scripts - debian/patches/CVE-2019-0211.patch: bind the bucket number of each child to its slot number in include/scoreboard.h, server/mpm/event/event.c, server/mpm/prefork/prefork.c, server/mpm/worker/worker.c. - CVE-2019-0211 * SECURITY UPDATE: mod_auth_digest access control bypass - debian/patches/CVE-2019-0217.patch: fix a race condition in modules/aaa/mod_auth_digest.c. - CVE-2019-0217 * SECURITY UPDATE: URL normalization inconsistincy - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in the path in include/http_core.h, include/httpd.h, server/core.c, server/request.c, server/util.c. - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety in server/request.c, server/util.c. - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in server/util.c. - CVE-2019-0220 Checksums-Sha1: 69fa23eb615594fb06f7a3d25fa5b2398fa30cfe 994 apache2-bin-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb 4d91a2cd61b7c5930dd8ec5bd29be32754c3a255 867638 apache2-bin_2.4.18-2ubuntu3.10_s390x.deb 3eaf973be193b19d45a9c6a5ad1c639c5c9bc256 1880362 apache2-dbg_2.4.18-2ubuntu3.10_s390x.deb 6fbd3c6ee830ce3e3f084160b9ff1c355af3f54e 972 apache2-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb a6087d5290b39692eaae8b9e2bd9491c0534bd71 1114 apache2-dev-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb 033b23aecb05c51c9308871126f0d47ebd50fabd 173376 apache2-dev_2.4.18-2ubuntu3.10_s390x.deb e290b9b6bed0b9a88414b1fab94144db97c91a1a 978 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb dde28565ba0fde485a9dd89622580ac4bb939e75 15130 apache2-suexec-custom_2.4.18-2ubuntu3.10_s390x.deb 89ae1a64ea21feea8271d2c2f1c343de76371ad1 920 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb 670f586376a84776a6af6d6db6db2f91811d35c8 13538 apache2-suexec-pristine_2.4.18-2ubuntu3.10_s390x.deb f6589f0a8b23d764bb0b6c0095438a1d4833895b 1198 apache2-utils-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb 59c54d5b71c348a7b88eef5578661743cf616074 81544 apache2-utils_2.4.18-2ubuntu3.10_s390x.deb 1deb20737abef7d03a330809f668affdea436f28 86642 apache2_2.4.18-2ubuntu3.10_s390x.deb Checksums-Sha256: 72f800c136a4b20cba7373a60b633065cdc13135f762374705c0d139507d6ea2 994 apache2-bin-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb 1a3f19bc8042068f417aec7129a293984870d9533f8199980290ae7d770ee273 867638 apache2-bin_2.4.18-2ubuntu3.10_s390x.deb 21f01708ccb1f0026df6160350cd42c425bc4912c4fc6ebd8ea78a5842f5e287 1880362 apache2-dbg_2.4.18-2ubuntu3.10_s390x.deb 7f2ff8f49008daf88024e6fa2df37837ca1f325380604a6a036d9863867dcb16 972 apache2-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb 1fa0706c5bab12c042e11351a8fbf8ecec7f518dff35b4176262e243bbf34ba8 1114 apache2-dev-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb 1e2a0beadfeb6098119e79bd05949f52e9d356578368e5f6320fb8534ab8aaeb 173376 apache2-dev_2.4.18-2ubuntu3.10_s390x.deb 10b21406101005d02674670d08d2fb0ece9256050ef2f55abfc38acb5451d4b3 978 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb 35fdb34e387d8a6414e7984d9c4548b2ede468d930274edf91e5a36cd4089777 15130 apache2-suexec-custom_2.4.18-2ubuntu3.10_s390x.deb 1eae546ecd79c8d13eea0c4d1ed6747f9c0ff6984d4532ded1353bb2d900a28a 920 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb ee008d004e452c70ad8ebc7bebe5951c721ef47de44461be805f244984daf9a0 13538 apache2-suexec-pristine_2.4.18-2ubuntu3.10_s390x.deb 97ad6b71a1d36d0d8776b2408d5a3290b7074033563accf2b93cf019654ffeae 1198 apache2-utils-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb efd2065e5e21076b5dc13d5e29abea6fe50b170e0c4a1604fb5ebd8d0f224776 81544 apache2-utils_2.4.18-2ubuntu3.10_s390x.deb bcb1b198f4b11e51c407446276a5f554efbb7f3a40081816a93daccb37431edb 86642 apache2_2.4.18-2ubuntu3.10_s390x.deb Files: 5604e7edc48f3be081f5c1ceb883f095 994 httpd extra apache2-bin-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb ac1881188f84817dea0b36107721241f 867638 httpd optional apache2-bin_2.4.18-2ubuntu3.10_s390x.deb dfb80a23da8c322a129382c48996df53 1880362 debug extra apache2-dbg_2.4.18-2ubuntu3.10_s390x.deb cab453bec61ab150ea5d9da2948d7dcc 972 httpd extra apache2-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb f8b2fcc093b6d6312cc01b7bcc5ff255 1114 httpd extra apache2-dev-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb 2f9398732d5a3fa47774403ea3dd32cb 173376 httpd optional apache2-dev_2.4.18-2ubuntu3.10_s390x.deb 0e20af88ca0388b4533de70ddbfa8995 978 httpd extra apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb 117c20404e809b1d5277d303144b5bc2 15130 httpd extra apache2-suexec-custom_2.4.18-2ubuntu3.10_s390x.deb 3e78cddb1cad7298f4afb309d4315e72 920 httpd extra apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb 32c89deae65e9b4ec36e723ffeccd161 13538 httpd optional apache2-suexec-pristine_2.4.18-2ubuntu3.10_s390x.deb c3cb04b6cf6a900d9a20872569c4f236 1198 httpd extra apache2-utils-dbgsym_2.4.18-2ubuntu3.10_s390x.ddeb 769095389d8a423259bd3ec8c8d53285 81544 httpd optional apache2-utils_2.4.18-2ubuntu3.10_s390x.deb 09cd3b1a825a92ee8b6f30a0d50f47e3 86642 httpd optional apache2_2.4.18-2ubuntu3.10_s390x.deb Original-Maintainer: Debian Apache Maintainers