[Bug 1790430] Re: None issues with auth_digest when running behind an reverse proxy
Andreas Hasenack
andreas at canonical.com
Tue Sep 4 21:31:10 UTC 2018
Are you sure you are in ubuntu 14.04.5? Trusty's latest apache2 is
2.4.7-1ubuntu4.20
I assume you meant xenial, which does have 2.4.18-2ubuntu3.8 in security
but has 3.9 in updates.
3.8 has security fixes around "nonce generation":
* SECURITY UPDATE: insecure nonce generation
- debian/patches/CVE-2018-1312.patch: actually use the secret when
generating nonces in modules/aaa/mod_auth_digest.c.
- CVE-2018-1312
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1312
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1790430
Title:
None issues with auth_digest when running behind an reverse proxy
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1790430/+subscriptions
More information about the Ubuntu-server-bugs
mailing list