Debian Security Advisory
DLA-71-1 apache2 -- LTS security update
- Date Reported:
- 16 Oct 2014
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-5704, CVE-2014-3581.
- More information:
This update fixes two security issues with apache2.
Disable the possibility to replace HTTP headers with HTTP trailers as this could be used to circumvent earlier header operations made by other modules. This can be restored with a new MergeTrailers directive.
Fix denial of service where Apache can segfault when mod_cache is used and when the cached request contains an empty Content-Type header.
For Debian 6
Squeeze, these issues have been fixed in apache2 version 2.2.16-6+squeeze14