[ubuntu/karmic-security] apache2 2.2.12-1ubuntu2.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Nov 19 00:04:30 GMT 2009 

apache2 (2.2.12-1ubuntu2.1) karmic-security; urgency=low

  * SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
    Partial fix for CVE-2009-3555. Configurations requiring renegotiation
    of per-directory/location access controls are still affected until
    OpenSSL is updated.
    - debian/patches/900_CVE-2009-3555.dpatch: disable all client
      renegotiations
    - CVE-2009-3555
  * SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
    - debian/patches/901-CVE-2009-3094.dpatch: fix NULL pointer dereference
      in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
      in EPSV response parser
    - CVE-2009-3094
  * SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
    configured as a reverse proxy
    - debian/patches/902-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
      in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
      special characters.
    - CVE-2009-3095

Date: Thu, 12 Nov 2009 12:12:56 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/apache2/2.2.12-1ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Thu, 12 Nov 2009 12:12:56 -0600
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.12-1ubuntu2.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Changes: 
 apache2 (2.2.12-1ubuntu2.1) karmic-security; urgency=low
 .
   * SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
     Partial fix for CVE-2009-3555. Configurations requiring renegotiation
     of per-directory/location access controls are still affected until
     OpenSSL is updated.
     - debian/patches/900_CVE-2009-3555.dpatch: disable all client
       renegotiations
     - CVE-2009-3555
   * SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
     - debian/patches/901-CVE-2009-3094.dpatch: fix NULL pointer dereference
       in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
       in EPSV response parser
     - CVE-2009-3094
   * SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
     configured as a reverse proxy
     - debian/patches/902-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
       in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
       special characters.
     - CVE-2009-3095
Checksums-Sha1: 
 44d719d04da4d94cb190bf8e47bf91b85cc95edf 1888 apache2_2.2.12-1ubuntu2.1.dsc
 ee3f61ca81c3b6107b3c69e4574e5488ce0ee089 185244 apache2_2.2.12-1ubuntu2.1.diff.gz
Checksums-Sha256: 
 7b25b897c977d3d3449fb5bf567dbe4d51accb0ab7738be42e321d5d291676f2 1888 apache2_2.2.12-1ubuntu2.1.dsc
 d6311328aac663d4ec1a307d578a7bdc95e8d67a69bbc7aad5d8e5509c8f3926 185244 apache2_2.2.12-1ubuntu2.1.diff.gz
Files: 
 d3bfdecefdd8b1adec8ab35dcf85d2b3 1888 httpd optional apache2_2.2.12-1ubuntu2.1.dsc
 1ef59f9642bd9efa35e0808ea804cd0b 185244 httpd optional apache2_2.2.12-1ubuntu2.1.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

More information about the Karmic-changes mailing list