UbuntuUpdates.org

Package "apache2"

Name: apache2

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • multiuser MPM for Apache 2.2
  • Standard suexec program for Apache 2 mod_suexec
  • Configurable suexec program for Apache 2 mod_suexec

Latest version: 2.2.22-1ubuntu1.9
Release: precise (12.04)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "apache2": http://www.ubuntuupdates.org/apache2



Other versions of "apache2" in Precise

Repository  Area      Version
base        main      2.2.22-1ubuntu1
base        universe  2.2.22-1ubuntu1
security    universe  2.2.22-1ubuntu1.9
security    main      2.2.22-1ubuntu1.9
updates     main      2.2.22-1ubuntu1.9

Packages in group


apache2-mpm-itk apache2-suexec apache2-suexec-custom

Changelog

Version: 2.2.22-1ubuntu1.9 2015-06-02 14:06:47 UTC

  apache2 (2.2.22-1ubuntu1.9) precise-security; urgency=medium

  * SECURITY IMPROVEMENT: add support for ECC keys and ECDH ciphers
    (LP: #1197884)
    - debian/patches/ecc_support.patch: add support to
      modules/ssl/mod_ssl.c, modules/ssl/ssl_engine_init.c,
      modules/ssl/ssl_engine_kernel.c, modules/ssl/ssl_private.h,
      modules/ssl/ssl_toolkit_compat.h, modules/ssl/ssl_util.c.
  * SECURITY IMPROVEMENT: add TLSv1.x options to SSLProtocol (LP: #1400473)
    - debian/patches/tls_options.patch: allow specifying later TLSv1.x
      options in modules/ssl/mod_ssl.c, modules/ssl/ssl_engine_config.c,
      modules/ssl/ssl_engine_init.c, modules/ssl/ssl_engine_kernel.c,
      modules/ssl/ssl_private.h.
  * SECURITY IMPROVEMENT: improve ephemeral key handling, including
    allowing DH parameters to be loaded from SSLCertificateFile and
    disabling EXPORT ciphers.
    - debian/patches/ephemeral_key_handling.patch: numerous improvements to
      modules/ssl/mod_ssl.c, modules/ssl/ssl_engine_config.c,
      modules/ssl/ssl_engine_dh.c, modules/ssl/ssl_engine_init.c,
      modules/ssl/ssl_engine_kernel.c, modules/ssl/ssl_private.h,
      modules/ssl/ssl_util_ssl.c, modules/ssl/ssl_util_ssl.h.

 -- Marc Deslauriers <email address hidden> Thu, 28 May 2015 12:26:50 -0400

1197884 apache2.2 SSL has no forward-secrecy: need ECDHE keys
1400473 Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0

Version: 2.2.22-1ubuntu1.8 2015-03-10 17:06:29 UTC

  apache2 (2.2.22-1ubuntu1.8) precise-security; urgency=medium

  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.patch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, modules/proxy/proxy_util.c,
      server/core.c, server/protocol.c.
    - CVE-2013-5704

 -- Marc Deslauriers <email address hidden> Thu, 05 Mar 2015 12:40:00 -0500

1425141 mod_headers CVE-2013-5704
CVE-2013-5704 The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the

Version: 2.2.22-1ubuntu1.7 2014-07-23 22:07:58 UTC

  apache2 (2.2.22-1ubuntu1.7) precise-security; urgency=medium

  * SECURITY UPDATE: resource consumption via mod_deflate body
    decompression
    - debian/patches/CVE-2014-0118.patch: added new configuration options
      DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
      DeflateInflateRatioBurst in modules/filters/mod_deflate.c.
    - CVE-2014-0118
  * SECURITY UPDATE: denial of service via race in mod_status
    - debian/patches/CVE-2014-0226.patch: fix race by adding
      ap_copy_scoreboard_worker() to include/scoreboard.h,
      modules/generators/mod_status.c, server/scoreboard.c.
    - CVE-2014-0226
  * SECURITY UPDATE: denial of service in mod_cgid
    - debian/patches/CVE-2014-0231.patch: added new configuration option
      CGIDScriptTimeout in modules/generators/mod_cgid.c.
    - CVE-2014-0231

 -- Marc Deslauriers <email address hidden> Tue, 22 Jul 2014 09:53:35 -0400

CVE-2014-0118 The deflate_in_filter function in mod_deflate.c in the mod_deflate ...
CVE-2014-0226 Race condition in the mod_status module in the Apache HTTP Server ...
CVE-2014-0231 The mod_cgid module in the Apache HTTP Server before 2.4.10 does not ...

Version: 2.2.22-1ubuntu1.6 2014-05-08 22:07:53 UTC

  apache2 (2.2.22-1ubuntu1.6) precise; urgency=low

  * debian/patches/sni.patch:
    - apache2 doesn't compare SNI hostname against Host header
      case-insensitively (lp: #1298273)

 -- Ritesh Khadgaray <email address hidden> Thu, 27 Mar 2014 15:06:16 +0530

1298273 apache2 doesn't compare SNI hostname against Host header case-insensitively

Version: 2.2.22-1ubuntu1.5 2014-03-24 20:07:20 UTC

  apache2 (2.2.22-1ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

 -- Marc Deslauriers <email address hidden> Wed, 19 Mar 2014 15:42:46 -0400

CVE-2013-6438 mod_dav: Keep track of length of cdata properly when removing leading spaces
CVE-2014-0098 Segfaults with truncated cookie logging


