[ubuntu/trusty-security] apache2 2.4.7-1ubuntu4.13 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Jul 18 17:55:09 UTC 2016

apache2 (2.4.7-1ubuntu4.13) trusty-security; urgency=medium

  * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
    - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in
    - CVE-2016-5387
  * This update does _not_ contain the changes from (2.4.7-1ubuntu4.12) in

apache2 (2.4.7-1ubuntu4.11) trusty; urgency=medium

  * Fix hang until proxy timeout for Proxy responses with error status and
    "ProxyErrorOverride On" being set (LP: #1495988).

apache2 (2.4.7-1ubuntu4.10) trusty; urgency=medium

  * Add apache2 specific modification needed along with fix to
    libapache2-mpm-itk so it becomes installable again (LP: #1286882):
    - Removes warning on mpm_itk use
    - Removes conflicts on mpm_itk

apache2 (2.4.7-1ubuntu4.9) trusty; urgency=medium

  * Force disablereuse on for mod_proxy_wstunnel. Fixes "Unable to connect to:
    ws://<maas IP>:/MAAS/ws" errors with maas, and other proxy applications.
    (LP: #1484696).

apache2 (2.4.7-1ubuntu4.8) trusty; urgency=medium

  * Fix -D[efined] or <Define>[d] variables lifetime across restarts.
    This fixes incorrect processing of configuration files on reload
    (LP: #1504354).

apache2 (2.4.7-1ubuntu4.7) trusty; urgency=medium

  * d/p/wstunnel-ssl.patch: mod_proxy_wstunnel: Fix the use of SSL
    connections with the "wss:" scheme.  PR55320.  LP: #1445914
    Submitted by: Alex Liu <alex.leo.ca gmail.com>

apache2 (2.4.7-1ubuntu4.6) trusty; urgency=medium

  * d/p/fix_rewrite_rule.patch: Add a configurable option to keep mod_dir from
    running when another handler is set. This makes default behavior
    consistent with 2.2, and fixes (LP: #1394403)
    - This adds the configuration option "DirectoryCheckHandler" which is
      present in apache 2.4.8 and later versions. The default value is
      "DirectoryCheckHandler Off".
    - This will change default behavior. Instead of mod_dir running even if
      other rules are being run, mod_dir will only run when no other rules
      have been processed by default. This is the expected behavior of
      mod_dir, and is consistent with the behavior of mod_dir in apache
      versions < 2.4 and > 2.4.8, and so the default value of this
      configuration option will correct the bug.
    - The current default behavior, which is considered to be a bug, can be
      kept by setting "DirectoryCheckHandler On".

Date: 2016-07-15 15:18:12.292821+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>