Package "apache2"

Name: apache2

Description: Apache HTTP Server metapackage

The Apache Software Foundation's goal is to build a secure, efficient and
extensible HTTP server as standards-compliant open source software. The
result has long been the number one web server on the Internet.

It features support for HTTPS, virtual hosting, CGI, SSI, IPv6, easy
scripting and database integration, request/response filtering, many
flexible authentication schemes, and more.

Latest version: 2.2.17-1ubuntu1.5
Release: natty (11.04)
Level: updates
Repository: main
Homepage: http://httpd.apache.org/

Change Log

Version: 2.2.17-1ubuntu1.5 (2012-02-17 05:02:48 UTC)

apache2 (2.2.17-1ubuntu1.5) natty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

 -- Marc Deslauriers Tue, 14 Feb 2012 10:02:26 -0500

811422: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite
CVE-2011-3607: Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_set
CVE-2011-4317: The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch i
CVE-2012-0021: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used,
CVE-2012-0031: scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possi
CVE-2012-0053: protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) e

Version: 2.2.17-1ubuntu1.4 (2011-11-11 00:03:26 UTC)

apache2 (2.2.17-1ubuntu1.4) natty-security; urgency=low

  * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
    - debian/patches/212_CVE-2011-3368.dpatch: return 400
      on invalid requests. (patch courtesy of Michael Jeanson)
    - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
      0.9 protocol
    - CVE-2011-3368
  * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
    - debian/patches/213_CVE-2011-3348.dpatch: return
      HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
    - CVE-2011-3348
  * SECURITY UPDATE: mpm-itk failure to drop privileges in certain
    configurations
    - debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge
      configurations correctly
    - CVE-2011-1176
  * Include additional fixes for regressions introduced by
    CVE-2011-3192 fixes
    - debian/patches/084_CVE-2011-3192_regression_part2.dpatch:
      take upstream fixes for byterange_filter.c through the 2.2.21
      release except for the added MaxRanges configuration option along
      with a fix staged for 2.2.22.

 -- Steve Beattie Wed, 02 Nov 2011 17:21:04 -0700

877740: CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure
871674: Server mod_proxy_ajp Denial of Service Vulnerability
CVE-2011-3368: The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with us
CVE-2011-3348: The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers
CVE-2011-1176: The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does
CVE-2011-3192: The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of serv

Version: 2.2.17-1ubuntu1.2 (2011-09-02 02:02:40 UTC)

apache2 (2.2.17-1ubuntu1.2) natty-security; urgency=low

  * SECURITY UPDATE: Range header DoS vulnerability
    - debian/patches/083_CVE-2011-3192.dpatch: filter out large
      byte ranges and improve memory efficiency in handling buckets.
      (thanks to Debian and upstream)
    - CVE-2011-3192
  * Include fix for regressions introduced by above patch:
    - debian/patches/084_CVE-2011-3192_regression.dpatch: return 206
      and 416 response codes where appropriate (see Debian bug 639825)

 -- Steve Beattie Thu, 01 Sep 2011 01:51:37 -0700

CVE-2011-3192: The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of serv