Format: 1.8
Date: Fri, 05 May 2017 10:51:32 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: s390x
Version: 2.4.18-2ubuntu4.1
Distribution: yakkety
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 apache2 - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.18-2ubuntu4.1) yakkety-security; urgency=medium
 .
   * SECURITY UPDATE: mod_sessioncrypto padding oracle attack issue
     - debian/patches/CVE-2016-0736.patch: authenticate the session
       data/cookie with a MAC in modules/session/mod_session_crypto.c.
     - CVE-2016-0736
   * SECURITY UPDATE: denial of service via malicious mod_auth_digest input
     - debian/patches/CVE-2016-2161.patch: improve memory handling in
       modules/aaa/mod_auth_digest.c.
     - CVE-2016-2161
   * SECURITY UPDATE: response splitting and cache pollution issue via
     incomplete RFC7230 HTTP request grammar enforcing
     - debian/patches/CVE-2016-8743.patch: enforce stricter parsing in
       include/http_core.h, include/http_protocol.h, include/httpd.h,
       modules/http/http_filters.c, server/core.c,
       server/gen_test_char.c, server/protocol.c, server/util.c,
       server/vhost.c.
     - debian/patches/hostnames_with_underscores.diff: relax hostname
       restrictions in server/vhost.c.
     - CVE-2016-8743
   * WARNING: The fix for CVE-2016-8743 introduces a behavioural change and
     may introduce compatibility issues with clients that do not strictly
     follow specifications. A new configuration directive,
     "HttpProtocolOptions Unsafe" can be used to re-enable some of the less
     strict parsing restrictions, at the expense of security.
Original-Maintainer: Debian Apache Maintainers