All Ubuntu package versions



Package "apache2"

Name: apache2

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • multiuser MPM for Apache 2.2
  • Standard suexec program for Apache 2 mod_suexec
  • Configurable suexec program for Apache 2 mod_suexec

Latest version: 2.2.22-1ubuntu1.5
Release: precise (12.04)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "apache2": http://www.ubuntuupdates.org/apache2


Other versions of "apache2" in Precise

Repository  Area      Version
base        main      2.2.22-1ubuntu1
base        universe  2.2.22-1ubuntu1
security    universe  2.2.22-1ubuntu1.5
security    main      2.2.22-1ubuntu1.5
updates     main      2.2.22-1ubuntu1.5
proposed    main      2.2.22-1ubuntu1.6
proposed    universe  2.2.22-1ubuntu1.6

Packages in group


apache2-mpm-itk apache2-suexec apache2-suexec-custom

Change Log

Version: 2.2.22-1ubuntu1.5 2014-03-24 20:07:20 UTC

  apache2 (2.2.22-1ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098
 -- Marc Deslauriers <email address hidden> Wed, 19 Mar 2014 15:42:46 -0400

CVE-2013-6438 mod_dav: Keep track of length of cdata properly when removing leading spaces
CVE-2014-0098 Segfaults with truncated cookie logging

Version: 2.2.22-1ubuntu1.4 2013-07-15 14:06:40 UTC

  apache2 (2.2.22-1ubuntu1.4) precise-security; urgency=low

  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896
 -- Marc Deslauriers <email address hidden> Fri, 12 Jul 2013 08:58:01 -0400

1188069 apache2 mod_rewrite CVE 2013-1862
CVE-2013-1862 mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server ...
CVE-2013-1896 mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly ...

Version: 2.2.22-1ubuntu1.3 2013-03-18 15:07:04 UTC

  apache2 (2.2.22-1ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048
 -- Marc Deslauriers <email address hidden> Fri, 08 Mar 2013 09:52:54 -0500

CVE-2012-3499 Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers t
CVE-2012-4558 Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_prox
CVE-2013-1048 The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apac

Version: 2.2.22-1ubuntu1.2 2012-11-09 00:07:28 UTC

  apache2 (2.2.22-1ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
    - debian/patches/CVE-2012-2687.patch: escape filenames in
      modules/mappers/mod_negotiation.c.
    - CVE-2012-2687
  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
    - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
      directive. Defaults to off as enabling compression enables the CRIME
      attack.
    - CVE-2012-4929
 -- Marc Deslauriers <email address hidden> Tue, 06 Nov 2012 14:30:45 -0500

1068854 Support option to disable TLS compression to protect against CRIME attack
CVE-2012-2687 Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apach
CVE-2012-4929 The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can encrypt compressed data without properly obfusca


