apache2 2.4.29-1ubuntu4.10 source package in Ubuntu
Changelog
apache2 (2.4.29-1ubuntu4.10) bionic-security; urgency=medium
* SECURITY UPDATE: HTTP/2 internal data buffering denial of service.
- d/p/mod_http2-1.15.4-backport-0004-CVE-2019-9517.patch: improve
http/2 module keepalive throttling.
- CVE-2019-9517
* SECURITY UPDATE: Upgrade request from http/1.1 to http/2 crash
denial of service (LP: #1840188)
- d/p/mod_http2-1.14.1-backport-0019-Merge-r1852038-r1852101-from-trunk-CVE-2019-0197.patch:
re-use slave connections and fix slave connection keepalives
counter.
- CVE-2019-0197
* SECURITY UPDATE: mod_http2 memory corruption on early pushes
- included in mod_http2 1.15.4 backport
- CVE-2019-10081
* SECURITY UPDATE: read-after-free in mod_http2 h2 connection
shutdown.
- included in mod_http2 1.15.4 backport
- CVE-2019-10082
* SECURITY UPDATE: Limited cross-site scripting in mod_proxy
error page.
- d/p/CVE-2019-10092-1.patch: Remove request details from built-in
error documents.
- d/p/CVE-2019-10092-2.patch: Add missing log numbers.
- d/p/CVE-2019-10092-3.patch: mod_proxy: Improve XSRF/XSS
protection.
- CVE-2019-10092-1
* SECURITY UPDATE: mod_rewrite potential open redirect.
- d/p/CVE-2019-10098.patch: Set PCRE_DOTALL by default.
- CVE-2019-10098
* Backport mod_http2 v1.14.1 and v1.15.4 for CVE-2019-9517,
CVE-2019-10081, and CVE-2019-10082 fixes:
- add d/p/mod_http2-1.14.1-backport-*.patches and
d/p/mod_http2-1.15.4-backport-*.patches
- dropped the following patches included above:
+ d/p/CVE-2018-1302.patch
+ d/p/CVE-2018-1333.patch
+ d/p/CVE-2018-11763.patch
+ d/p/CVE-2018-17189.patch
+ d/p/CVE-2019-0196.patch
-- Steve Beattie <email address hidden> Mon, 26 Aug 2019 06:41:23 -0700
Upload details
- Uploaded by:
- Steve Beattie
- Uploaded to:
- Bionic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- httpd
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache2_2.4.29.orig.tar.gz | 8.2 MiB | 948e4a11278a5954698b880b30f401b1e9ab743713ee2c7280a54dd4ddd87085 |
| apache2_2.4.29-1ubuntu4.10.debian.tar.xz | 799.8 KiB | 1464556ab3d3860f8e5b7698c39ee01369135c59d5cbb1a22c26ee1dedd39eca |
| apache2_2.4.29-1ubuntu4.10.dsc | 3.1 KiB | 4bc2815b4a024f7f990f65de48e00d3fff88e1799a5cae1b185ea92f746f0d55 |
Available diffs
Binary packages built by this source
- apache2: Apache HTTP Server
The Apache HTTP Server Project's goal is to build a secure, efficient and
extensible HTTP server as standards-compliant open source software. The
result has long been the number one web server on the Internet.
.
Installing this package results in a full installation, including the
configuration files, init scripts and support scripts.
- apache2-bin: Apache HTTP Server (modules and other binary files)
The Apache HTTP Server Project's goal is to build a secure, efficient and
extensible HTTP server as standards-compliant open source software. The
result has long been the number one web server on the Internet.
.
This package contains the binaries only and does not set up a working
web-server instance. Install the "apache2" package to get a fully working
instance.
- apache2-data: Apache HTTP Server (common files)
The Apache HTTP Server Project's goal is to build a secure, efficient and
extensible HTTP server as standards-compliant open source software. The
result has long been the number one web server on the Internet.
.
This package contains architecture-independent common files such as icons,
error pages and static index files.
- apache2-dbg: Apache debugging symbols
The Apache HTTP Server Project's goal is to build a secure, efficient and
extensible HTTP server as standards-compliant open source software. The
result has long been the number one web server on the Internet.
.
This package includes the debugging symbols. It can be used to debug
crashing server instances and modules. See
/usr/share/doc/apache2/ README. backtrace for more information.
- apache2-dev: Apache HTTP Server (development headers)
The Apache HTTP Server Project's goal is to build a secure, efficient and
extensible HTTP server as standards-compliant open source software. The
result has long been the number one web server on the Internet.
.
This package provides development headers and the apxs2 binary for the Apache
2 HTTP server, useful to develop and link third party additions to the Debian
Apache HTTP server package.
.
It also provides dh_apache2 and dh sequence addons useful to install various
Debian Apache2 extensions with debhelper. It supports
- Apache 2 module configurations and shared objects
- Site configuration files
- Global configuration files
- apache2-doc: Apache HTTP Server (on-site documentation)
The Apache HTTP Server Project's goal is to build a secure, efficient and
extensible HTTP server as standards-compliant open source software. The
result has long been the number one web server on the Internet.
.
This package provides the documentation for the Apache 2 HTTP server. The
documentation is shipped in HTML format and can be accessed from a local
running Apache HTTP server instance or by browsing the file system directly.
- apache2-ssl-dev: Apache HTTP Server (mod_ssl development headers)
The Apache HTTP Server Project's goal is to build a secure, efficient and
extensible HTTP server as standards-compliant open source software. The
result has long been the number one web server on the Internet.
.
This package provides the development header and the dependencies for
modules that interact with mod_ssl's internal openssl state.
- apache2-suexec-custom: Apache HTTP Server configurable suexec program for mod_suexec
Provides a customizable version of the suexec helper program for mod_suexec.
This is not the version from upstream, but can be configured with a
configuration file.
.
If you do not need non-standard document root or userdir settings, it is
recommended that you use the standard suexec helper program from the
apache2-suexec- pristine package instead.
- apache2-suexec-pristine: Apache HTTP Server standard suexec program for mod_suexec
Provides the standard suexec helper program for mod_suexec. This version is
compiled with document root /var/www and userdir suffix public_html. If you
need different settings, use the package apache2-suexec- custom.
- apache2-utils: Apache HTTP Server (utility programs for web servers)
Provides some add-on programs useful for any web server. These include:
- ab (Apache benchmark tool)
- fcgistarter (Start a FastCGI program)
- logresolve (Resolve IP addresses to hostnames in logfiles)
- htpasswd (Manipulate basic authentication files)
- htdigest (Manipulate digest authentication files)
- htdbm (Manipulate basic authentication files in DBM format, using APR)
- htcacheclean (Clean up the disk cache)
- rotatelogs (Periodically stop writing to a logfile and open a new one)
- split-logfile (Split a single log including multiple vhosts)
- checkgid (Checks whether the caller can setgid to the specified group)
- check_forensic (Extract mod_log_forensic output from Apache log files)
- httxt2dbm (Generate dbm files for use with RewriteMap)
