Format: 1.8 Date: Mon, 26 Jun 2017 07:58:04 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: i386 Version: 2.4.18-2ubuntu3.3 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.18-2ubuntu3.3) xenial-security; urgency=medium . * SECURITY UPDATE: authentication bypass in ap_get_basic_auth_pw() - debian/patches/CVE-2017-3167.patch: deprecate and replace ap_get_basic_auth_pw in include/ap_mmn.h, include/http_protocol.h, server/protocol.c, server/request.c. - CVE-2017-3167 * SECURITY UPDATE: NULL pointer deref in ap_hook_process_connection() - debian/patches/CVE-2017-3169.patch: fix ctx passed to ssl_io_filter_error() in modules/ssl/ssl_engine_io.c. - CVE-2017-3169 * SECURITY UPDATE: denial of service and possible incorrect value return in HTTP strict parsing changes - debian/patches/CVE-2017-7668.patch: short-circuit on NULL in server/util.c. - CVE-2017-7668 * SECURITY UPDATE: mod_mime DoS via crafted Content-Type response header - debian/patches/CVE-2017-7679.patch: fix quoted pair scanning in modules/http/mod_mime.c. - CVE-2017-7679 Checksums-Sha1: 18910122d65866e3e1ba51db6ddd71d2a0fe394e 992 apache2-bin-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb 0e8474c99f671450f4ad66f480eefadf2589fdc4 989998 apache2-bin_2.4.18-2ubuntu3.3_i386.deb e86dc57b10df0de23b1f3c215a4d59f7510971f5 1782752 apache2-dbg_2.4.18-2ubuntu3.3_i386.deb 38f328665b847a7c2223e8faf4d0f06e4a041bec 972 apache2-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb 5902c1758a46b915b0bb1b1d984e8526b4ab86e8 1110 apache2-dev-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb 577c81d3a8b8145e6f82ac8d00e816b1fb8bc799 172992 apache2-dev_2.4.18-2ubuntu3.3_i386.deb 8050e666c91a3405104ed0f6dc89f471f73a33e0 976 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb 63e4ca0fdfd5a6cef2f4da348a3d6dea66d75972 15048 apache2-suexec-custom_2.4.18-2ubuntu3.3_i386.deb 452a414f735ae80cefb8b5fe671325d6d1ace595 922 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb d196de8d5d890e90f0498f6467e87f311a1f5583 13558 apache2-suexec-pristine_2.4.18-2ubuntu3.3_i386.deb 31e737c4213849406ddc08da6df33bf4d9bdddff 1194 apache2-utils-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb 1bd73a837439f72e60640fed148e803d747fd6cc 86986 apache2-utils_2.4.18-2ubuntu3.3_i386.deb d67317aae22865c49d162b68c1ff5119946baf94 86788 apache2_2.4.18-2ubuntu3.3_i386.deb Checksums-Sha256: 7ff80376e06b023080ae8c4f2f705a936c1b9bb8d21a726fe2463cb42cd9ff86 992 apache2-bin-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb 57605bd6b6fc5ad822bb9e278ec7823eebdb83dba1eca05149c4ff9ddfa7114f 989998 apache2-bin_2.4.18-2ubuntu3.3_i386.deb f5d4dd00058d59ce374de5d2d286a33edf8a3f88302538ea15d6e8767eae4423 1782752 apache2-dbg_2.4.18-2ubuntu3.3_i386.deb 8a1e671a7bc4bd95898d5ca495dd888339264f443eb8541a0f1283fa82409778 972 apache2-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb b8f5261cacd56d122369145a01112c20c76ded8d1b335bfd65b3f7bd14199cd4 1110 apache2-dev-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb b47d102b1036106c2336460fca658f90100648b031420069116e2942236c208d 172992 apache2-dev_2.4.18-2ubuntu3.3_i386.deb bbb907f6a9b68f9afcbd1c9576e1a2c16dbec74ea8bfdd2623d50dab2db4aa20 976 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb 2c5e0d9fc60c1d8464fdb2e4ad2f73d156d8ad0b8545850eddda81277cbd1dac 15048 apache2-suexec-custom_2.4.18-2ubuntu3.3_i386.deb 07dd35f7bd97b701dfc638c28c0727b652e7ac6eb6d50d4476c9505e380f88e9 922 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb a8ba334c9027e1793659250bb58c81483e8b2946d5e4063d14ce144975618828 13558 apache2-suexec-pristine_2.4.18-2ubuntu3.3_i386.deb 046719089ed36512de30897528e37e2e5dd745e4b967edcfc8d57448c4538d3b 1194 apache2-utils-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb bfe171e16dee60cbd0fd1dbac6488eab3251675062e575081c243d894f00e4a6 86986 apache2-utils_2.4.18-2ubuntu3.3_i386.deb 4e25b69c47b30d9a32a9f7f4c1ca6e9556c51baa1cd7488a5d1052e66c7c9a72 86788 apache2_2.4.18-2ubuntu3.3_i386.deb Files: 19eaa7b7be977d0967bb45a9a6c97e6a 992 httpd extra apache2-bin-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb e8874d4897c1941c7c202db86fb41c82 989998 httpd optional apache2-bin_2.4.18-2ubuntu3.3_i386.deb 6f5a7f28847348c2d3e2fb9bdb51f01f 1782752 debug extra apache2-dbg_2.4.18-2ubuntu3.3_i386.deb 65ae81844ebeb9c88a212d93cd676c12 972 httpd extra apache2-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb c41e79612fb9f1a37b95902fee947be6 1110 httpd extra apache2-dev-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb 753bd9089a36b5ad4be373171de149a2 172992 httpd optional apache2-dev_2.4.18-2ubuntu3.3_i386.deb f8fa7423148630aa768cfa1836631d20 976 httpd extra apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb cb652041822647966a4f836bd9fa1e22 15048 httpd extra apache2-suexec-custom_2.4.18-2ubuntu3.3_i386.deb 07221ca68c40c5cced606552b7ef135f 922 httpd extra apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb 1a029621af33e4a30afd759678aeaf12 13558 httpd optional apache2-suexec-pristine_2.4.18-2ubuntu3.3_i386.deb b7e74ba5765c4fbcd2a4b206c0109965 1194 httpd extra apache2-utils-dbgsym_2.4.18-2ubuntu3.3_i386.ddeb 1704c04de4a1fea9d3a11f71a71f5e07 86986 httpd optional apache2-utils_2.4.18-2ubuntu3.3_i386.deb 78e2642a0882aa1c9d38e9232ff673b3 86788 httpd optional apache2_2.4.18-2ubuntu3.3_i386.deb Original-Maintainer: Debian Apache Maintainers