Package "apache2-utils"
Name: |
apache2-utils
|
Description: |
utility programs for webservers
|
Latest version: |
2.2.22-1ubuntu1.15 |
Release: |
precise (12.04) |
Level: |
updates |
Repository: |
main |
Head package: |
apache2 |
Homepage: |
http://httpd.apache.org/ |
Links
Download "apache2-utils"
Other versions of "apache2-utils" in Precise
Changelog
apache2 (2.2.22-1ubuntu1.7) precise-security; urgency=medium
* SECURITY UPDATE: resource consumption via mod_deflate body
decompression
- debian/patches/CVE-2014-0118.patch: added new configuration options
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
DeflateInflateRatioBurst in modules/filters/mod_deflate.c.
- CVE-2014-0118
* SECURITY UPDATE: denial of service via race in mod_status
- debian/patches/CVE-2014-0226.patch: fix race by adding
ap_copy_scoreboard_worker() to include/scoreboard.h,
modules/generators/mod_status.c, server/scoreboard.c.
- CVE-2014-0226
* SECURITY UPDATE: denial of service in mod_cgid
- debian/patches/CVE-2014-0231.patch: added new configuration option
CGIDScriptTimeout in modules/generators/mod_cgid.c.
- CVE-2014-0231
-- Marc Deslauriers <email address hidden> Tue, 22 Jul 2014 09:53:35 -0400
|
Source diff to previous version |
CVE-2014-0118 |
The deflate_in_filter function in mod_deflate.c in the mod_deflate ... |
CVE-2014-0226 |
Race condition in the mod_status module in the Apache HTTP Server ... |
CVE-2014-0231 |
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not ... |
|
apache2 (2.2.22-1ubuntu1.6) precise; urgency=low
* debian/patches/sni.patch:
- apache2 doesn't compare SNI hostname against Host header
case-insensitively (lp: #1298273)
-- Ritesh Khadgaray <email address hidden> Thu, 27 Mar 2014 15:06:16 +0530
|
Source diff to previous version |
1298273 |
apache2 doesn't compare SNI hostname against Host header case-insensitively |
|
apache2 (2.2.22-1ubuntu1.5) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via mod_dav incorrect end of string
calculation
- debian/patches/CVE-2013-6438.patch: properly calculate correct length
in modules/dav/main/util.c.
- CVE-2013-6438
* SECURITY UPDATE: denial of service via truncated cookie and
mod_log_config
- debian/patches/CVE-2014-0098.patch: properly parse tokens in
modules/loggers/mod_log_config.c.
- CVE-2014-0098
-- Marc Deslauriers <email address hidden> Wed, 19 Mar 2014 15:42:46 -0400
|
Source diff to previous version |
CVE-2013-6438 |
mod_dav: Keep track of length of cdata properly when removing leading spaces |
CVE-2014-0098 |
Segfaults with truncated cookie logging |
|
apache2 (2.2.22-1ubuntu1.4) precise-security; urgency=low
* SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
- debian/patches/CVE-2013-1862.patch: properly escape items in
modules/mappers/mod_rewrite.c.
- CVE-2013-1862
* SECURITY UPDATE: denial of service via MERGE request
- debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
in modules/dav/main/mod_dav.c.
- CVE-2013-1896
-- Marc Deslauriers <email address hidden> Fri, 12 Jul 2013 08:58:01 -0400
|
Source diff to previous version |
1188069 |
apache2 mod_rewrite CVE 2013-1862 |
CVE-2013-1862 |
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server ... |
CVE-2013-1896 |
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly ... |
|
apache2 (2.2.22-1ubuntu1.3) precise-security; urgency=low
* SECURITY UPDATE: multiple cross-site scripting issues
- debian/patches/CVE-2012-3499_4558.patch: properly escape html in
modules/generators/{mod_info.c,mod_status.c},
modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
- CVE-2012-3499
- CVE-2012-4558
* SECURITY UPDATE: symlink attack in apache2ctl script
- debian/apache2ctl: introduce and use a safer mkdir_chown() function.
- Thanks to Stefan Fritsch for the fix.
- CVE-2013-1048
-- Marc Deslauriers <email address hidden> Fri, 08 Mar 2013 09:52:54 -0500
|
CVE-2012-3499 |
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers t |
CVE-2012-4558 |
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_prox |
CVE-2013-1048 |
The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apac |
|
About
-
Send Feedback to @ubuntu_updates