[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1647-1] apache2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : apache2
Version        : 2.4.10-10+deb8u13
CVE ID         : CVE-2018-17199


Diego Angulo from ImExHS discovered an issue in the webserver apache2.
The module mod_session ignored the expiry time of sessions handled by mod_session_cookie, because the expiry time is available only after decoding the session and the check was already done before.


For Debian 8 "Jessie", this problem has been fixed in version
2.4.10-10+deb8u13.

We recommend that you upgrade your apache2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlxQxYZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdARxAAxc1H4D8XBkuYMVffSCGfvb/FdPR+HU6dhFyN3vmeVkzdYIPH6CdiXEoH
Y5izHzpBAubD5aEs4V/1kyZQ7+1lXB35ycy/kGw9Do7T0WWvmRzKAoZSeTbImslf
COzcsuP7VUcGW/nOBFTXsXbR+O+MV2GbIw8C2+U3vwMIynPFwjuvBtrLg/Q1LIWZ
mpy96J4cvQ4wX60DG43FHsJUZ0CsClpHEqJ/3JsZPx6nH/7uSttOsoblLoXlmD5k
ab+u9I5jxjIoclegL4FEh1rZLLOmCgZar+dvTelulSJZBjLgJVn5VNwsPSk3+CbU
/ZFJVHu5KSQm3D9+PU4fU4ha1c2IkT80jnIAOWcoM09yCwPPDFvhAyg0s9BEjgNL
I7lz1LiOV6xRNQu6MFXszpcvE1jZ33YOikjhM6TSejb0wRn+Pm8BL1Q/12m3W5qt
bN1ar9NigbZRcUdnT6dBeuWmc+mVNeHtZWa/u/1zMMY6sulvkm2tI8/1Qcy3oTIW
GYMj91hQxwPCYNj7uI0JTg4A9kcAPoxbHZd+yy7Q6lGcDh6U2uwbfN6n2B7CTGuN
Ffx9b97VWxzz70xK+U6wR4LMKvJctAnQPkLtme9HkHjDnC9nRqD9BKpuqqlF2Dkx
KCmp58zSV3ZjaAgJqRrYHLaa9p+PmL1EcQMDXT/0LJXHLTrY4sk=
=Js4Q
-----END PGP SIGNATURE-----


Reply to: