Debian
apache2 package

apache2 2.4.25-3+deb9u7 source package in Debian

Changelog

apache2 (2.4.25-3+deb9u7) stretch-security; urgency=medium

  [ Xavier Guimard ]
  * CVE-2018-17199: mode_session: Fix missing check for session expiry time.
    Closes: #920303

  [ Stefan Fritsch ]
  * mod_http2: Fix keepalive timeout behavior. This fixes a regression with
    Safari web browsers, introduced in 2.4.25-3+deb9u6. Closes: #915103
  * Fix typo in apache2_switch_mpm() in apache2-maintscript-helper.
    Closes: #904150
  * CVE-2018-17189: mod_http2: Fix DoS via slow, unneeded request bodies.
    Closes: #920302
  * CVE-2019-0196: mod_http2: Fix read after free
  * CVE-2019-0211: All MPMs: privilege escalation from www-data user to root.
  * CVE-2019-0217: mod_auth_digest: Access control bypass
  * CVE-2019-0220: URL normalization inconsistincy.
    Consecutive slashes in URL's are now merged before use in LocationMatch
    and RewriteRule. The old behavior can be restored with the new directive
    "MergeSlashes off".

 -- Stefan Fritsch <email address hidden>  Tue, 02 Apr 2019 21:05:13 +0200

Upload details

Uploaded by:
Debian Apache Maintainers
Uploaded to:
Stretch
Original maintainer:
Debian Apache Maintainers
Architectures:
any all
Section:
httpd
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
apache2_2.4.25-3+deb9u7.dsc 2.9 KiB 3e53a393d39bd3ae33f5c3864993939e15805ff58508392880b1fcb3d0783e5c
apache2_2.4.25.orig.tar.bz2 6.1 MiB f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2
apache2_2.4.25-3+deb9u7.debian.tar.xz 776.6 KiB 5c7855b18289bbdabce4ca5d4053f6dbd657f48b211a180503bf509a9dcc37d9

No changes file available.

Binary packages built by this source