[SECURITY] [DLA 71-1] apache2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 71-1] apache2 security update
From: Raphael Hertzog <hertzog@debian.org>
Date: Thu, 16 Oct 2014 12:10:29 +0200
Message-id: <[🔎] 20141016101029.GA4079@x230-buxy.home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, debian-lts-announce@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : apache2
Version        : 2.2.16-6+squeeze14
CVE ID         : CVE-2013-5704 CVE-2014-3581

This update fixes two security issues with apache2.

CVE-2013-5704

    Disable the possibility to replace HTTP headers with HTTP trailers
    as this could be used to circumvent earlier header operations made by
    other modules. This can be restored with a new MergeTrailers
    directive.

CVE-2014-3581

    Fix denial of service where Apache can segfault when mod_cache is used
    and when the cached request contains an empty Content-Type header.

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 58-2] apt regression fix
Next by Date: [SECURITY] [DLA 72-1] rsylog security update
Previous by thread: [SECURITY] [DLA 58-2] apt regression fix
Next by thread: [SECURITY] [DLA 72-1] rsylog security update
Index(es):
- Date
- Thread