[ubuntu/hardy-security] apache2 2.2.8-1ubuntu0.14 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Nov 19 00:05:23 GMT 2009
apache2 (2.2.8-1ubuntu0.14) hardy-security; urgency=low
* SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
Partial fix for CVE-2009-3555. Configurations requiring renegotiation
of per-directory/location access controls are still affected until
OpenSSL is updated.
- debian/patches/206_CVE-2009-3555.dpatch: disable all client
renegotiations
- CVE-2009-3555
* SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
- debian/patches/207-CVE-2009-3094.dpatch: fix NULL pointer dereference
in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
in EPSV response parser
- CVE-2009-3094
* SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
configured as a reverse proxy
- debian/patches/208-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
special characters.
- CVE-2009-3095
Date: Thu, 12 Nov 2009 14:15:40 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/apache2/2.2.8-1ubuntu0.14
-------------- next part --------------
Format: 1.7
Date: Thu, 12 Nov 2009 14:15:40 -0600
Source: apache2
Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-perchild apache2-utils apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg
Architecture: source
Version: 2.2.8-1ubuntu0.14
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
apache2 - Next generation, scalable, extendable web server
apache2-dbg - Apache debugging symbols
apache2-doc - documentation for apache2
apache2-mpm-event - Event driven model for Apache HTTPD
apache2-mpm-perchild - Transitional package - please remove
apache2-mpm-prefork - Traditional model for Apache HTTPD
apache2-mpm-worker - High speed threaded model for Apache HTTPD
apache2-prefork-dev - development headers for apache2
apache2-src - Apache source code
apache2-threaded-dev - development headers for apache2
apache2-utils - utility programs for webservers
apache2.2-common - Next generation, scalable, extendable web server
Changes:
apache2 (2.2.8-1ubuntu0.14) hardy-security; urgency=low
.
* SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
Partial fix for CVE-2009-3555. Configurations requiring renegotiation
of per-directory/location access controls are still affected until
OpenSSL is updated.
- debian/patches/206_CVE-2009-3555.dpatch: disable all client
renegotiations
- CVE-2009-3555
* SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
- debian/patches/207-CVE-2009-3094.dpatch: fix NULL pointer dereference
in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
in EPSV response parser
- CVE-2009-3094
* SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
configured as a reverse proxy
- debian/patches/208-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
special characters.
- CVE-2009-3095
Files:
78c9a13cc2af0dbf3958a3fc98aeea84 1381 web optional apache2_2.2.8-1ubuntu0.14.dsc
37d5c93b425758839cbef5afea5353a2 141838 web optional apache2_2.2.8-1ubuntu0.14.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
More information about the Hardy-changes
mailing list