Format: 1.8 Date: Wed, 03 Apr 2019 09:34:47 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: ppc64el Version: 2.4.18-2ubuntu3.10 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.18-2ubuntu3.10) xenial-security; urgency=medium . * SECURITY UPDATE: mod_session expiry time issue - debian/patches/CVE-2018-17199.patch: always decode session attributes early in modules/session/mod_session.c. - CVE-2018-17199 * SECURITY UPDATE: privilege escalation from modules' scripts - debian/patches/CVE-2019-0211.patch: bind the bucket number of each child to its slot number in include/scoreboard.h, server/mpm/event/event.c, server/mpm/prefork/prefork.c, server/mpm/worker/worker.c. - CVE-2019-0211 * SECURITY UPDATE: mod_auth_digest access control bypass - debian/patches/CVE-2019-0217.patch: fix a race condition in modules/aaa/mod_auth_digest.c. - CVE-2019-0217 * SECURITY UPDATE: URL normalization inconsistincy - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in the path in include/http_core.h, include/httpd.h, server/core.c, server/request.c, server/util.c. - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety in server/request.c, server/util.c. - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in server/util.c. - CVE-2019-0220 Checksums-Sha1: 797a0aaee0ac4720b5397ca41afe81b8383a0517 996 apache2-bin-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 848f3495de48d03b8c3c531434d87bb9799708a9 876232 apache2-bin_2.4.18-2ubuntu3.10_ppc64el.deb 1352a647e8b31fbe1c2c370bd6e4d9735ad39ea0 2238286 apache2-dbg_2.4.18-2ubuntu3.10_ppc64el.deb d631677a5a0726e8bca407391cee6a3a0928332b 976 apache2-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 5ed87cc9970325675de447e4d4296238b55b84c2 1116 apache2-dev-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 651262c695267f8eb1fae58f48d6a52f6adff4a4 173100 apache2-dev_2.4.18-2ubuntu3.10_ppc64el.deb a131556a3c6d0f4fa8ef903fcefc33e1bab8bfef 980 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 1d8495eaf5943c2e8f95185ffef71fd4584157bc 15210 apache2-suexec-custom_2.4.18-2ubuntu3.10_ppc64el.deb cdd343114230e4e16ef7d42a7a35883b9e3bba3a 924 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 0ebafbb5179a315b51768d05cd9b15002f55a328 13658 apache2-suexec-pristine_2.4.18-2ubuntu3.10_ppc64el.deb 046d6f8852479e27c40d69fb7945c56230313bcc 1198 apache2-utils-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 05394e3025be8ca2f2e97037aa712b88036c6566 80988 apache2-utils_2.4.18-2ubuntu3.10_ppc64el.deb f2f4d58c55d0cc988c1bcbfcd131d3e71f073e2a 86748 apache2_2.4.18-2ubuntu3.10_ppc64el.deb Checksums-Sha256: 3362e3d4aedefe3b1e7afaaaa259cdc603bf3c4dc06b33709c9caacd4eba3fd5 996 apache2-bin-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb d341bbe35b95647cc6a08229e9a947f41b9961c5b08d1392a00644c7bde1749e 876232 apache2-bin_2.4.18-2ubuntu3.10_ppc64el.deb 2c1a0b783390c23ac9f4356ec6b6034957bbe5741d9eeb6a768b884875dc6eac 2238286 apache2-dbg_2.4.18-2ubuntu3.10_ppc64el.deb 8f0e9613b300a328f242487a352c3ef2a7f4d52f8b33fa703ba6cc57f604d895 976 apache2-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 421666ddc9cc2a643b8cc8877bf05d095e43cce07b3bca7077f286038aea79df 1116 apache2-dev-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 8517894f1a5677ebfc1aa8bc0081b1e7c96c396f1d6b8a2966bd91a158cd6b8e 173100 apache2-dev_2.4.18-2ubuntu3.10_ppc64el.deb e5cd06fd8c2dcc44d1d9139408449b14946b1e7423e9752d95f5cd88b3d0f95e 980 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 5b3e6c82858ff740acdaa4941491a3dc470fa3a6b7b3f9db675bfe935e31eac2 15210 apache2-suexec-custom_2.4.18-2ubuntu3.10_ppc64el.deb 5105e52bc6306bac070fdffd734702e9d012177eb57914297acb80a18b2d02a5 924 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 873d1997700d42b8f7608d821ed7aed058b3c714561e0b820eda3bcce3ab7629 13658 apache2-suexec-pristine_2.4.18-2ubuntu3.10_ppc64el.deb aaa3c880c3be42dd60ddcad14ae6aea1c3d9b904ddc69c62089249cb5674250f 1198 apache2-utils-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb a9faa7a07f40e1a61b42d25b8a856b111662860fb0ffd931d1fe93ce9e22f0de 80988 apache2-utils_2.4.18-2ubuntu3.10_ppc64el.deb f62e02378a62d288ce56474467b366451b38d4e45c1a2851812b77d8e4c82708 86748 apache2_2.4.18-2ubuntu3.10_ppc64el.deb Files: ff55f8a0148d616016d8dfc6aa9167d8 996 httpd extra apache2-bin-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb bf9ab6f3a01855d6bb7f6cc00607d596 876232 httpd optional apache2-bin_2.4.18-2ubuntu3.10_ppc64el.deb b3fbef9a24101cbcf8728c897d060d9a 2238286 debug extra apache2-dbg_2.4.18-2ubuntu3.10_ppc64el.deb 45c75eea17a45f737c53826855343dfb 976 httpd extra apache2-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 214b29524678bcfff2af22b1254ac009 1116 httpd extra apache2-dev-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb a64aa974b9c53f8f6f612c7645546108 173100 httpd optional apache2-dev_2.4.18-2ubuntu3.10_ppc64el.deb 4a7a0bf2fdfda8d8d30fb40d3cb5fd6d 980 httpd extra apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 2057fe3c4643dbc93115ffe27839be10 15210 httpd extra apache2-suexec-custom_2.4.18-2ubuntu3.10_ppc64el.deb e42f49c4ecf4328cd00794cca75519f9 924 httpd extra apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 22b4327d86ddd2a616b849589e2c1da5 13658 httpd optional apache2-suexec-pristine_2.4.18-2ubuntu3.10_ppc64el.deb 64834d674bffd9fc682bb747a0212bd8 1198 httpd extra apache2-utils-dbgsym_2.4.18-2ubuntu3.10_ppc64el.ddeb 01be1644672d860f507102a4b8eda347 80988 httpd optional apache2-utils_2.4.18-2ubuntu3.10_ppc64el.deb d7c396bc604064d974895659a5137c2d 86748 httpd optional apache2_2.4.18-2ubuntu3.10_ppc64el.deb Original-Maintainer: Debian Apache Maintainers