All Ubuntu package versions


AllRaringQuantalPreciseOneiricNattyLucidHardyAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
Comments

Package "apache2"

Name: apache2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • multiuser MPM for Apache 2.2
  • Standard suexec program for Apache 2 mod_suexec
  • Configurable suexec program for Apache 2 mod_suexec
Latest version: 2.2.22-1ubuntu1.3
Release: precise (12.04)
Level: updates
Repository: universe
Homepage: http://httpd.apache.org/

Links

Save this URL for the latest version of "apache2": http://www.ubuntuupdates.org/apache2

All versions of this package Bug fixes
List of files in package Repository home page for package

Other versions of "apache2" in Precise

RepositoryAreaVersion
base main 2.2.22-1ubuntu1
base universe 2.2.22-1ubuntu1
security universe 2.2.22-1ubuntu1.3
security main 2.2.22-1ubuntu1.3
updates main 2.2.22-1ubuntu1.3

Packages in group

Deleted packages are displayed in grey.

apache2-mpm-itk apache2-suexec apache2-suexec-custom

Change Log

Version: 2.2.22-1ubuntu1.3 2013-03-18 15:07:04 UTC

  apache2 (2.2.22-1ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048
 -- Marc Deslauriers <email address hidden> Fri, 08 Mar 2013 09:52:54 -0500
Source diff to previous version
CVE-2012-3499 Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers t
CVE-2012-4558 Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_prox
CVE-2013-1048 The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apac

Version: 2.2.22-1ubuntu1.2 2012-11-09 00:07:28 UTC

  apache2 (2.2.22-1ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
    - debian/patches/CVE-2012-2687.patch: escape filenames in
      modules/mappers/mod_negotiation.c.
    - CVE-2012-2687
  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
    - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
      directive. Defaults to off as enabling compression enables the CRIME
      attack.
    - CVE-2012-4929
 -- Marc Deslauriers <email address hidden> Tue, 06 Nov 2012 14:30:45 -0500
1068854 Support option to disable TLS compression to protect against CRIME attack
CVE-2012-2687 Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apach
CVE-2012-4929 The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can encrypt compressed data without properly obfusca


About   -   Changelog   -   Send Feedback
Site Meter