[ubuntu/oneiric-security] apache2 2.2.20-1ubuntu1.2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Feb 16 19:33:47 UTC 2012


apache2 (2.2.20-1ubuntu1.2) oneiric-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

Date: Tue, 14 Feb 2012 09:35:36 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/apache2/2.2.20-1ubuntu1.2
-------------- next part --------------
Format: 1.8
Date: Tue, 14 Feb 2012 09:35:36 -0500
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.20-1ubuntu1.2
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Launchpad-Bugs-Fixed: 811422
Changes: 
 apache2 (2.2.20-1ubuntu1.2) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
     directive (LP: #811422)
     - debian/patches/215_CVE-2011-3607.dpatch: validate length in
       server/util.c.
     - CVE-2011-3607
   * SECURITY UPDATE: another mod_proxy reverse proxy exposure
     - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
       modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
       server/protocol.c.
     - CVE-2011-4317
   * SECURITY UPDATE: denial of service via invalid cookie
     - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
       modules/loggers/mod_log_config.c.
     - CVE-2012-0021
   * SECURITY UPDATE: denial of service and possible code execution via
     type field modification within a scoreboard shared memory segment
     - debian/patches/218_CVE-2012-0031.dpatch: check type field in
       server/scoreboard.c.
     - CVE-2012-0031
   * SECURITY UPDATE: cookie disclosure via Bad Request errors
     - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
       server/protocol.c.
     - CVE-2012-0053
Checksums-Sha1: 
 f8379db14f9ef060c10c81438bd0ddc9b3408279 2609 apache2_2.2.20-1ubuntu1.2.dsc
 029be33be6e9709ce892465ce8b7917d46f97a91 218990 apache2_2.2.20-1ubuntu1.2.diff.gz
Checksums-Sha256: 
 517519c2a13b77c6b45ae5b9c46c57d3f1ab8960daa6ecb49cd8624c3a89bf11 2609 apache2_2.2.20-1ubuntu1.2.dsc
 74927ad063ed279b222d1df6b6815ba1c3c245a3bed1b4fa0e3262cb8c5a2d75 218990 apache2_2.2.20-1ubuntu1.2.diff.gz
Files: 
 095447b3046703f358f3c81f9383775a 2609 httpd optional apache2_2.2.20-1ubuntu1.2.dsc
 9a263164018eff3631d05d6909682e14 218990 httpd optional apache2_2.2.20-1ubuntu1.2.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2
Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2


More information about the Oneiric-changes mailing list