Format: 1.8 Date: Wed, 25 Apr 2018 07:38:24 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: s390x Version: 2.4.29-1ubuntu4.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium . * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect matching - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312 Checksums-Sha1: 490dae256f050c7880a8ea02b4aed37b59f44d8a 977748 apache2-bin_2.4.29-1ubuntu4.1_s390x.deb bfb277ccc6986d57e7abd5258ae46970fce1748e 4077160 apache2-dbg_2.4.29-1ubuntu4.1_s390x.deb b4615fdb7ca89aada30ce110deba98d34908f1de 176856 apache2-dev_2.4.29-1ubuntu4.1_s390x.deb 5be9def6fbd9f581344f31bad86ea5a36194b9d9 2400 apache2-ssl-dev_2.4.29-1ubuntu4.1_s390x.deb dc19c744e469570de16c7fb39ddb50db3f9fe4a5 15072 apache2-suexec-custom_2.4.29-1ubuntu4.1_s390x.deb 4175d56081c47247dcbeee5123190737e5f1b1e2 13560 apache2-suexec-pristine_2.4.29-1ubuntu4.1_s390x.deb 8aa1ae85bac6bf9fc584103a1b490eb7aafc847a 81360 apache2-utils_2.4.29-1ubuntu4.1_s390x.deb efffc6fbbe56400a54f121f46b7fcda863676cd6 9567 apache2_2.4.29-1ubuntu4.1_s390x.buildinfo 328b5ec439a1ed5c4877216c443f6a1f712de635 95116 apache2_2.4.29-1ubuntu4.1_s390x.deb Checksums-Sha256: 5dfc584928d70720f0a5945a7f579098383ff27570818ac14020e1106ad34950 977748 apache2-bin_2.4.29-1ubuntu4.1_s390x.deb 48fa1332fb09f6f739090620f2ec0343f546df481815486e40969e53a64f0e8e 4077160 apache2-dbg_2.4.29-1ubuntu4.1_s390x.deb 2ef075fe00eca73aed458b1bbc9a3b695c6a17a61bb6d7dc79e051eda39597a6 176856 apache2-dev_2.4.29-1ubuntu4.1_s390x.deb 04e47318a067ec2b148181e493af2b0a8211be213a63694ed2cb94bbc4a03690 2400 apache2-ssl-dev_2.4.29-1ubuntu4.1_s390x.deb d1757e3fd07d45bb43473c818244807c97d9c5be3ad9c941e6c6baeb5fe4144e 15072 apache2-suexec-custom_2.4.29-1ubuntu4.1_s390x.deb d29c379246df2bf7f8fe2e1425510d2db038fef0556adbd51f11b2c726f24a1b 13560 apache2-suexec-pristine_2.4.29-1ubuntu4.1_s390x.deb 537be85ac8763ecfdb3af871953958ad34a1f441a5b2c6798fba4b3654a2b6ff 81360 apache2-utils_2.4.29-1ubuntu4.1_s390x.deb 02f864a2000ac1c3d4b35c051b29c0dde96dfaa61eeeea06a5fc8beb09722ed5 9567 apache2_2.4.29-1ubuntu4.1_s390x.buildinfo 2463a233a58b58dda4b55bc5f440149fc86f71068bd3ec9ae86db0b440d0896f 95116 apache2_2.4.29-1ubuntu4.1_s390x.deb Files: 430465d4a7153d5990c79633cdb21e94 977748 httpd optional apache2-bin_2.4.29-1ubuntu4.1_s390x.deb f68c2a5a767ad2cbb1dae687ea4a1555 4077160 debug optional apache2-dbg_2.4.29-1ubuntu4.1_s390x.deb 9c6b09b80809524c46823aeb378aa0c8 176856 httpd optional apache2-dev_2.4.29-1ubuntu4.1_s390x.deb 80c5ae2904d140947c06854f342e296b 2400 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.1_s390x.deb fb98101faa0d96744f2639d216650f25 15072 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.1_s390x.deb fe6843130e641cc70c39c467acd6ea87 13560 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.1_s390x.deb 081a8243e9d28e8b0edca83d4aa18b31 81360 httpd optional apache2-utils_2.4.29-1ubuntu4.1_s390x.deb 74717c254af597f42934596e660a9e2d 9567 httpd optional apache2_2.4.29-1ubuntu4.1_s390x.buildinfo 37bff9ae2c127be4b9aa24e3ffab373e 95116 httpd optional apache2_2.4.29-1ubuntu4.1_s390x.deb Original-Maintainer: Debian Apache Maintainers