UbuntuUpdates.org

Package "apache2-doc"

Name: apache2-doc

Description:

Apache HTTP Server (on-site documentation)

Latest version: 2.4.18-2ubuntu3.14
Release: xenial (16.04)
Level: updates
Repository: main
Head package: apache2
Homepage: http://httpd.apache.org/

Links

Save this URL for the latest version of "apache2-doc": https://www.ubuntuupdates.org/apache2-doc


Download "apache2-doc"


Other versions of "apache2-doc" in Xenial

Repository Area Version
base main 2.4.18-2ubuntu3
security main 2.4.18-2ubuntu3.13

Changelog

Version: 2.4.18-2ubuntu3.14 2019-10-16 06:06:50 UTC

  apache2 (2.4.18-2ubuntu3.14) xenial; urgency=medium

  * Backport mod_reqtimeout with handshake support (LP: #1846138)
    - d/p/0001-mod-reqtimeout-revent-long-response-times.patch
    - d/p/0002-mod_reqtimeout-fix-body-timeout-disabling-for-CONNECT-request.patch
    - d/p/0003-mod_reqtimeout-Merge-r1853901-r1853906-r1853908-r1853929-r1853935-r.patch

 -- Jesse Williamson <email address hidden> Tue, 08 Oct 2019 13:31:25 +0000

Source diff to previous version
1846138 backport mod_reqtimeout with handshake support

Version: 2.4.18-2ubuntu3.13 2019-09-17 14:06:47 UTC

  apache2 (2.4.18-2ubuntu3.13) xenial-security; urgency=medium

  * SECURITY REGRESSION: mod_proxy balancer XSS/CSRF hardening broke
    browsers which change case in headers and breaks balancers
    loading in some configurations (LP: #1842701)
    - drop d/p/CVE-2019-10092-3.patch

 -- Steve Beattie <email address hidden> Mon, 16 Sep 2019 06:13:53 -0700

Source diff to previous version
1842701 Apache2 Balancer Manager mod_proxy_balancer not working after Update
CVE-2019-10092 Limited cross-site scripting in mod_proxy

Version: 2.4.18-2ubuntu3.12 2019-08-29 23:06:20 UTC

  apache2 (2.4.18-2ubuntu3.12) xenial-security; urgency=medium

  * SECURITY UPDATE: Limited cross-site scripting in mod_proxy
    error page.
    - d/p/CVE-2019-10092-1.patch: Remove request details from built-in
      error documents.
    - d/p/CVE-2019-10092-2.patch: Add missing log numbers.
    - d/p/CVE-2019-10092-3.patch: mod_proxy: Improve XSRF/XSS
      protection.
    - CVE-2019-10092
  * SECURITY UPDATE: mod_rewrite potential open redirect.
    - d/p/CVE-2019-10098.patch: Set PCRE_DOTALL by default.
    - CVE-2019-10098

 -- Steve Beattie <email address hidden> Mon, 26 Aug 2019 06:43:29 -0700

Source diff to previous version
CVE-2019-10092 Limited cross-site scripting in mod_proxy
CVE-2019-10098 mod_rewrite configurations vulnerable to open redirect

Version: 2.4.18-2ubuntu3.10 2019-04-04 17:07:21 UTC

  apache2 (2.4.18-2ubuntu3.10) xenial-security; urgency=medium

  * SECURITY UPDATE: mod_session expiry time issue
    - debian/patches/CVE-2018-17199.patch: always decode session attributes
      early in modules/session/mod_session.c.
    - CVE-2018-17199
  * SECURITY UPDATE: privilege escalation from modules' scripts
    - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
      child to its slot number in include/scoreboard.h,
      server/mpm/event/event.c, server/mpm/prefork/prefork.c,
      server/mpm/worker/worker.c.
    - CVE-2019-0211
  * SECURITY UPDATE: mod_auth_digest access control bypass
    - debian/patches/CVE-2019-0217.patch: fix a race condition in
      modules/aaa/mod_auth_digest.c.
    - CVE-2019-0217
  * SECURITY UPDATE: URL normalization inconsistincy
    - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
      the path in include/http_core.h, include/httpd.h, server/core.c,
      server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
      in server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
      server/util.c.
    - CVE-2019-0220

 -- Marc Deslauriers <email address hidden> Wed, 03 Apr 2019 09:34:47 -0400

Source diff to previous version
CVE-2018-17199 In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expir
CVE-2019-0211 Apache HTTP Server privilege escalation from modules' scripts
CVE-2019-0217 mod_auth_digest access control bypass
CVE-2019-0220 Apache httpd URL normalization inconsistincy

Version: 2.4.18-2ubuntu3.9 2018-07-04 17:07:09 UTC

  apache2 (2.4.18-2ubuntu3.9) xenial; urgency=medium

  * debian/patches/includeoptional-ignore-non-existent.patch: silently
    ignore a not existent file path with IncludeOptional . Closes LP:
    #1766186.

 -- Andreas Hasenack <email address hidden> Thu, 07 Jun 2018 16:43:03 -0300




About   -   Send Feedback to @ubuntu_updates