Format: 1.8
Date: Fri, 05 May 2017 12:32:00 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: amd64 all
Version: 2.4.18-2ubuntu3.2
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 apache2 - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.18-2ubuntu3.2) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: mod_sessioncrypto padding oracle attack issue
     - debian/patches/CVE-2016-0736.patch: authenticate the session
       data/cookie with a MAC in modules/session/mod_session_crypto.c.
     - CVE-2016-0736
   * SECURITY UPDATE: denial of service via malicious mod_auth_digest input
     - debian/patches/CVE-2016-2161.patch: improve memory handling in
       modules/aaa/mod_auth_digest.c.
     - CVE-2016-2161
   * SECURITY UPDATE: response splitting and cache pollution issue via
     incomplete RFC7230 HTTP request grammar enforcing
     - debian/patches/CVE-2016-8743.patch: enforce stricter parsing in
       include/http_core.h, include/http_protocol.h, include/httpd.h,
       modules/http/http_filters.c, server/core.c, server/gen_test_char.c,
       server/protocol.c, server/util.c, server/vhost.c.
     - debian/patches/hostnames_with_underscores.diff: relax hostname
       restrictions in server/vhost.c.
     - CVE-2016-8743
   * WARNING: The fix for CVE-2016-8743 introduces a behavioural change and
     may introduce compatibility issues with clients that do not strictly
     follow specifications. A new configuration directive,
     "HttpProtocolOptions Unsafe" can be used to re-enable some of the less
     strict parsing restrictions, at the expense of security.
Original-Maintainer: Debian Apache Maintainers