[SECURITY] [DLA 284-1] apache2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 284-1] apache2 security update
From: Santiago Ruano Rincón <santiagorr@riseup.net>
Date: Tue, 28 Jul 2015 23:31:48 +0200
Message-id: <[🔎] 20150728213148.GA12503@nomada>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : apache2
Version        : 2.2.16-6+squeeze15
CVE ID         : CVE-2015-3183

A vulnerability has been found in the Apache HTTP Server.

CVE-2015-3183

    Apache HTTP Server did not properly parse chunk headers, which
    allowed remote attackers to conduct HTTP request smuggling via a
    crafted request. This flaw relates to mishandling of large
    chunk-size values and invalid chunk-extension characters in
    modules/http/http_filters.c.

For the squeeze distribution, these issues have been fixed in version
2.2.16-6+squeeze15 of apache2.

We recommend you to upgrade your apache2 packages.

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 285-1] bind9 security update
Next by Date: [SECURITY] [DLA 286-1] squid3 security update
Previous by thread: [SECURITY] [DLA 285-1] bind9 security update
Next by thread: [SECURITY] [DLA 286-1] squid3 security update
Index(es):
- Date
- Thread