Debian Security Advisory

DLA-66-1 apache2 -- LTS security update

Date Reported:
29 Sep 2014
Affected Packages:
apache2
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2013-6438, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231.
More information:
  • CVE-2014-0231:

    prevent denial of service in mod_cgid.

  • CVE-2014-0226:

    prevent denial of service via race in mod_status.

  • CVE-2014-0118:

    fix resource consumption via mod_deflate body decompression.

  • CVE-2013-6438:

    prevent denial of service via mod_dav incorrect end of string

For Debian 6 Squeeze, these issues have been fixed in apache2 version 2.2.16-6+squeeze13