Ubuntu
apache2 package

  1. Bug #1790430
  2. Comment #1

Comment 1 for bug 1790430

Revision history for this message
Andreas Hasenack (ahasenack) wrote : Re: None issues with auth_digest when running behind an reverse proxy

Are you sure you are in ubuntu 14.04.5? Trusty's latest apache2 is 2.4.7-1ubuntu4.20

I assume you meant xenial, which does have 2.4.18-2ubuntu3.8 in security but has 3.9 in updates.

3.8 has security fixes around "nonce generation":

  * SECURITY UPDATE: insecure nonce generation
    - debian/patches/CVE-2018-1312.patch: actually use the secret when
      generating nonces in modules/aaa/mod_auth_digest.c.
    - CVE-2018-1312