All Ubuntu package versions


AllTrustySaucyRaringPreciseLucidAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
CommentsResqueStathatMemoryTracker

Package "apache2"

Name: apache2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • multiuser MPM for Apache 2.2
  • Standard suexec program for Apache 2 mod_suexec
  • Configurable suexec program for Apache 2 mod_suexec

Latest version: 2.2.22-1ubuntu1.7
Release: precise (12.04)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "apache2": http://www.ubuntuupdates.org/apache2

All versions of this package Bug fixes
List of files in package Repository home page for package

Other versions of "apache2" in Precise

RepositoryAreaVersion
base universe 2.2.22-1ubuntu1
base main 2.2.22-1ubuntu1
security universe 2.2.22-1ubuntu1.7
security main 2.2.22-1ubuntu1.7
updates main 2.2.22-1ubuntu1.7

Packages in group

Deleted packages are displayed in grey.

apache2-mpm-itk apache2-suexec apache2-suexec-custom

Change Log

Version: 2.2.22-1ubuntu1.7 2014-07-23 22:07:58 UTC

  apache2 (2.2.22-1ubuntu1.7) precise-security; urgency=medium

  * SECURITY UPDATE: resource consumption via mod_deflate body
    decompression
    - debian/patches/CVE-2014-0118.patch: added new configuration options
      DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
      DeflateInflateRatioBurst in modules/filters/mod_deflate.c.
    - CVE-2014-0118
  * SECURITY UPDATE: denial of service via race in mod_status
    - debian/patches/CVE-2014-0226.patch: fix race by adding
      ap_copy_scoreboard_worker() to include/scoreboard.h,
      modules/generators/mod_status.c, server/scoreboard.c.
    - CVE-2014-0226
  * SECURITY UPDATE: denial of service in mod_cgid
    - debian/patches/CVE-2014-0231.patch: added new configuration option
      CGIDScriptTimeout in modules/generators/mod_cgid.c.
    - CVE-2014-0231
 -- Marc Deslauriers <email address hidden> Tue, 22 Jul 2014 09:53:35 -0400

Source diff to previous version
CVE-2014-0118 The deflate_in_filter function in mod_deflate.c in the mod_deflate ...
CVE-2014-0226 Race condition in the mod_status module in the Apache HTTP Server ...
CVE-2014-0231 The mod_cgid module in the Apache HTTP Server before 2.4.10 does not ...

Version: 2.2.22-1ubuntu1.6 2014-05-08 22:07:53 UTC

  apache2 (2.2.22-1ubuntu1.6) precise; urgency=low

  * debian/patches/sni.patch:
    - apache2 doesn't compare SNI hostname against Host header
      case-insensitively (lp: #1298273)
 -- Ritesh Khadgaray <email address hidden> Thu, 27 Mar 2014 15:06:16 +0530

Source diff to previous version
1298273 apache2 doesn't compare SNI hostname against Host header case-insensitively

Version: 2.2.22-1ubuntu1.5 2014-03-24 20:07:20 UTC

  apache2 (2.2.22-1ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098
 -- Marc Deslauriers <email address hidden> Wed, 19 Mar 2014 15:42:46 -0400

Source diff to previous version
CVE-2013-6438 mod_dav: Keep track of length of cdata properly when removing leading spaces
CVE-2014-0098 Segfaults with truncated cookie logging

Version: 2.2.22-1ubuntu1.4 2013-07-15 14:06:40 UTC

  apache2 (2.2.22-1ubuntu1.4) precise-security; urgency=low

  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896
 -- Marc Deslauriers <email address hidden> Fri, 12 Jul 2013 08:58:01 -0400

Source diff to previous version
1188069 apache2 mod_rewrite CVE 2013-1862
CVE-2013-1862 mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server ...
CVE-2013-1896 mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly ...

Version: 2.2.22-1ubuntu1.3 2013-03-18 15:07:04 UTC

  apache2 (2.2.22-1ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048
 -- Marc Deslauriers <email address hidden> Fri, 08 Mar 2013 09:52:54 -0500

CVE-2012-3499 Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers t
CVE-2012-4558 Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_prox
CVE-2013-1048 The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apac



About   -   Changelog   -   Send Feedback