Ubuntu
apache2 package

Is CVE-2016-8743 fixed in Apache 2.4.18

Asked by Brent Shinn on 2017-04-07

My vulnerability scans come up with:

Apache HTTPD: Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743)

Then it recommends that we upgrade to Apache 2.4.25 where this problem is corrected. One of the developers here said that Canonical has probably aleady fixed this in 2.4.18, but I can find any information to corroborate that.

Is (CVE-2016-8743) fixed in 2.4.18, or should I just upgrade Apache to 2.4.25?

Question information

Language:: English Edit question

Status:: Solved

For:: Ubuntu apache2 Edit question

Assignee:: No assignee Edit question

Solved by:: Manfred Hampl

Solved:: 2017-04-10

Last query:: 2017-04-10

Last reply:: 2017-04-08

Link existing bug

Revision history for this message

actionparsnip (andrew-woodhead666) said on 2017-04-08:

https://launchpad.net/ubuntu/+source/apache2/+changelog

Doesn't seem so. I suggest you report a bug

Revision history for this message

Manfred Hampl (m-hampl) said on 2017-04-08:

the fix is apparently still missing, see
see https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8743.html
and https://people.canonical.com/~ubuntu-security/cve/pkg/apache2.html

Revision history for this message

Brent Shinn (brents-z) said on 2017-04-10:

Thanks for finding those for me.

To post a message you must log in.

Ask a question

Edit question

Ubuntuapache2 package

Is CVE-2016-8743 fixed in Apache 2.4.18

Question information

Related bugs

Related FAQ:

Subscribers

Ubuntu
apache2 package