UbuntuUpdates.org



Package apache2

Name: apache2

Description:

Apache HTTP Server metapackage
The Apache Software Foundation's goal is to build a secure, efficient and
extensible HTTP server as standards-compliant open source software. The
result has long been the number one web server on the Internet.

It features support for HTTPS, virtual hosting, CGI, SSI, IPv6, easy
scripting and database integration, request/response filtering, many
flexible authentication schemes, and more.

Latest version: 2.2.11-2ubuntu2.6
Ubuntu release: jaunty (9.04)
Level: updates
Repository: main

All versions of apache2 in Jaunty

updates (this page): 2.2.11-2ubuntu2.6
base: 2.2.11-2ubuntu2
security: 2.2.11-2ubuntu2.6
proposed: 2.2.11-2ubuntu2.7

See all versions of apache2 in all Ubuntu releases and repositories.

Packages in group

apache2-doc apache2-mpm-event apache2-mpm-prefork apache2-mpm-worker apache2-prefork-dev apache2-threaded-dev apache2-utils apache2.2-common

Change Log

Version: 2.2.11-2ubuntu2.6 2010-03-10 22:01:17 UTC
apache2 (2.2.11-2ubuntu2.6) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

 -- Marc Deslauriers   Mon, 08 Mar 2010 11:26:48 -0500

CVE-2010-0408 The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain s
CVE-2010-0434 The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly h

Version: 2.2.11-2ubuntu2.5 2009-11-19 09:01:17 UTC
apache2 (2.2.11-2ubuntu2.5) jaunty-security; urgency=low

  * SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
    Partial fix for CVE-2009-3555. Configurations requiring renegotiation
    of per-directory/location access controls are still affected until
    OpenSSL is updated.
    - debian/patches/904_CVE-2009-3555.dpatch: disable all client
      renegotiations
    - CVE-2009-3555
  * SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
    - debian/patches/905-CVE-2009-3094.dpatch: fix NULL pointer dereference
      in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
      in EPSV response parser
    - CVE-2009-3094
  * SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
    configured as a reverse proxy
    - debian/patches/906-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
      in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
      special characters.
    - CVE-2009-3095

 -- Jamie Strandboge   Thu, 12 Nov 2009 12:46:19 -0600


