Debian Security Advisory
DLA-71-1 apache2 -- LTS security update
- Date Reported: 16 Oct 2014
- Affected Packages: apache2
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2013-5704, CVE-2014-3581.
- More information:
This update fixes two security issues with apache2.
- CVE-2013-5704: Disable the possibility to replace HTTP headers with HTTP trailers as this could be used to circumvent earlier header operations made by other modules. This can be restored with a new MergeTrailers directive.
- CVE-2014-3581: Fix denial of service where Apache can segfault when mod_cache is used and when the cached request contains an empty Content-Type header.
For Debian 6 Squeeze, these issues have been fixed in apache2 version 2.2.16-6+squeeze14.
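The CVE-2013-5704 item above turns on ordering: trailers arrive after the body, so they are read after earlier header processing has already run. The following toy model is an added example, not Apache code and not part of the advisory. The parser, the `X-Example` header, the sample request and the `merge_trailers` flag (standing in for the MergeTrailers directive) are all constructed for illustration.

```python
# Added illustration: toy model of chunked-request trailer handling.
# Not Apache code; names and the sample request are constructed.

def parse_head(raw: bytes):
    """Split a raw request into (header dict, remaining bytes)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")[1:]  # skip request line
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, rest

def read_chunked(rest: bytes):
    """Decode a chunked body; return (body, trailer dict)."""
    body = b""
    while True:
        size_line, _, rest = rest.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            break
        body += rest[:size]
        rest = rest[size + 2:]  # skip chunk data and its CRLF
    trailers = {}
    for line in rest.decode("ascii").split("\r\n"):
        if line:
            name, _, value = line.partition(":")
            trailers[name.strip().lower()] = value.strip()
    return body, trailers

def handle(raw: bytes, merge_trailers: bool):
    """Return the header table a late handler would see."""
    headers, rest = parse_head(raw)
    headers.pop("x-example", None)      # early "module": unset the header
    _, trailers = read_chunked(rest)    # trailers arrive after that step
    if merge_trailers:                  # models the restored old behaviour
        headers.update(trailers)
    return headers

SAMPLE = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
          b"X-Example: from-header\r\nTransfer-Encoding: chunked\r\n"
          b"Trailer: X-Example\r\n\r\n"
          b"5\r\nhello\r\n0\r\nX-Example: from-trailer\r\n\r\n")

if __name__ == "__main__":
    print("merge off:", handle(SAMPLE, False).get("x-example"))
    print("merge on: ", handle(SAMPLE, True).get("x-example"))
```

With merging off, the header removed by the early step stays removed; with merging on, the trailer value reappears in the header table after that step has finished.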