[ubuntu/trusty-security] apache2 2.4.7-1ubuntu4.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Jul 23 19:58:43 UTC 2014
apache2 (2.4.7-1ubuntu4.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service in mod_proxy
- debian/patches/CVE-2014-0117.patch: also skip over semicolons in
modules/proxy/proxy_util.c.
- CVE-2014-0117
* SECURITY UPDATE: resource consumption via mod_deflate body
decompression
- debian/patches/CVE-2014-0118.patch: added new configuration options
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
DeflateInflateRatioBurst in modules/filters/mod_deflate.c.
- CVE-2014-0118
* SECURITY UPDATE: denial of service via race in mod_status
- debian/patches/CVE-2014-0226.patch: fix race by adding
ap_copy_scoreboard_worker() to include/scoreboard.h,
modules/generators/mod_status.c, modules/lua/lua_request.c,
server/scoreboard.c.
- CVE-2014-0226
* SECURITY UPDATE: denial of service in mod_cgid
- debian/patches/CVE-2014-0231.patch: added new configuration option
CGIDScriptTimeout in modules/generators/mod_cgid.c.
- CVE-2014-0231
Date: 2014-07-22 14:29:12.135485+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/trusty/+source/apache2/2.4.7-1ubuntu4.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list