Next generation, scalable, extendable web server
Apache v2 is the next generation of the omnipresent Apache web server. This
version - a total rewrite - introduces many new improvements, such as
threading, a new API, IPv6 support, request/response filtering, and more.
apache2 (2.2.8-1ubuntu0.15) hardy-security; urgency=low
* SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
- debian/patches/209_CVE-2010-0408.dpatch: return the right error code
in modules/proxy/mod_proxy_ajp.c.
- CVE-2010-0408
* SECURITY UPDATE: information disclosure via improper handling of
headers in subrequests
- debian/patches/210_CVE-2010-0434.dpatch: use a copy of r->headers_in
in server/protocol.c.
- CVE-2010-0434
-- Marc Deslauriers Mon, 08 Mar 2010 11:56:13 -0500
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly h
Version: 2.2.8-1ubuntu0.14
2009-11-19 01:01:18 UTC
apache2 (2.2.8-1ubuntu0.14) hardy-security; urgency=low
* SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
Partial fix for CVE-2009-3555. Configurations requiring renegotiation
of per-directory/location access controls are still affected until
OpenSSL is updated.
- debian/patches/206_CVE-2009-3555.dpatch: disable all client
renegotiations
- CVE-2009-3555
* SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
- debian/patches/207-CVE-2009-3094.dpatch: fix NULL pointer dereference
in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
in EPSV response parser
- CVE-2009-3094
* SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
configured as a reverse proxy
- debian/patches/208-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
special characters.
- CVE-2009-3095
-- Jamie Strandboge Thu, 12 Nov 2009 14:15:40 -0600
