[ubuntu/utopic-security] apache2 2.4.10-1ubuntu1.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Mar 10 14:35:25 UTC 2015
apache2 (2.4.10-1ubuntu1.1) utopic-security; urgency=medium
* SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
- debian/patches/CVE-2013-5704.patch: don't merge trailers by default
and add a "MergeTrailers" directive to revert to previous behaviour
to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
modules/http/http_request.c, modules/loggers/mod_log_config.c,
modules/proxy/mod_proxy_http.c, server/core.c, server/protocol.c.
- CVE-2013-5704
* SECURITY UPDATE: mod_cache denial of service via empty HTTP
Content-Type header
- debian/patches/CVE-2014-3581.patch: check for NULL in
modules/cache/cache_util.c.
- CVE-2014-3581
* SECURITY UPDATE: mod_proxy_fcgi deial of service via long response
headers
- debian/patches/CVE-2014-3583.patch: properly handle length in
modules/aaa/mod_authnz_fcgi.c, modules/proxy/mod_proxy_fcgi.c.
- CVE-2014-3583
* SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
directives
- debian/patches/CVE-2014-8109.patch: handle multiple Require
directives with different arguments in modules/lua/mod_lua.c.
- CVE-2014-8109
* SECURITY UPDATE: denial of service in mod_lua via websockets PING
- debian/patches/CVE-2015-0228.patch: fix logic in
modules/lua/lua_request.c.
- CVE-2015-0228
Date: 2015-03-05 18:08:16.069014+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.10-1ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Utopic-changes
mailing list