[ubuntu/hardy-security] apache2 2.2.8-1ubuntu0.23 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Feb 16 19:35:38 UTC 2012
apache2 (2.2.8-1ubuntu0.23) hardy-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
directive (LP: #811422)
- debian/patches/220_CVE-2011-3607.dpatch: validate length in
server/util.c.
- CVE-2011-3607
* SECURITY UPDATE: another mod_proxy reverse proxy exposure
- debian/patches/221_CVE-2011-4317.dpatch: validate additional URIs in
modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
server/protocol.c.
- CVE-2011-4317
* SECURITY UPDATE: denial of service and possible code execution via
type field modification within a scoreboard shared memory segment
- debian/patches/222_CVE-2012-0031.dpatch: check type field in
server/scoreboard.c.
- CVE-2012-0031
* SECURITY UPDATE: cookie disclosure via Bad Request errors
- debian/patches/223_CVE-2012-0053.dpatch: check lengths in
server/protocol.c.
- CVE-2012-0053
Date: Tue, 14 Feb 2012 10:49:11 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/apache2/2.2.8-1ubuntu0.23
-------------- next part --------------
Format: 1.7
Date: Tue, 14 Feb 2012 10:49:11 -0500
Source: apache2
Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-perchild apache2-utils apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg
Architecture: source
Version: 2.2.8-1ubuntu0.23
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
apache2 - Next generation, scalable, extendable web server
apache2-dbg - Apache debugging symbols
apache2-doc - documentation for apache2
apache2-mpm-event - Event driven model for Apache HTTPD
apache2-mpm-perchild - Transitional package - please remove
apache2-mpm-prefork - Traditional model for Apache HTTPD
apache2-mpm-worker - High speed threaded model for Apache HTTPD
apache2-prefork-dev - development headers for apache2
apache2-src - Apache source code
apache2-threaded-dev - development headers for apache2
apache2-utils - utility programs for webservers
apache2.2-common - Next generation, scalable, extendable web server
Launchpad-Bugs-Fixed: 811422
Changes:
apache2 (2.2.8-1ubuntu0.23) hardy-security; urgency=low
.
* SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
directive (LP: #811422)
- debian/patches/220_CVE-2011-3607.dpatch: validate length in
server/util.c.
- CVE-2011-3607
* SECURITY UPDATE: another mod_proxy reverse proxy exposure
- debian/patches/221_CVE-2011-4317.dpatch: validate additional URIs in
modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
server/protocol.c.
- CVE-2011-4317
* SECURITY UPDATE: denial of service and possible code execution via
type field modification within a scoreboard shared memory segment
- debian/patches/222_CVE-2012-0031.dpatch: check type field in
server/scoreboard.c.
- CVE-2012-0031
* SECURITY UPDATE: cookie disclosure via Bad Request errors
- debian/patches/223_CVE-2012-0053.dpatch: check lengths in
server/protocol.c.
- CVE-2012-0053
Files:
591f7836ae1c052584f6024642692106 2041 web optional apache2_2.2.8-1ubuntu0.23.dsc
e05a34abf0e46c983ee06b4d1ed05da7 161047 web optional apache2_2.2.8-1ubuntu0.23.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
More information about the Hardy-changes
mailing list