Format: 1.8 Date: Wed, 03 Apr 2019 09:34:47 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: arm64 Version: 2.4.18-2ubuntu3.10 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.18-2ubuntu3.10) xenial-security; urgency=medium . * SECURITY UPDATE: mod_session expiry time issue - debian/patches/CVE-2018-17199.patch: always decode session attributes early in modules/session/mod_session.c. - CVE-2018-17199 * SECURITY UPDATE: privilege escalation from modules' scripts - debian/patches/CVE-2019-0211.patch: bind the bucket number of each child to its slot number in include/scoreboard.h, server/mpm/event/event.c, server/mpm/prefork/prefork.c, server/mpm/worker/worker.c. - CVE-2019-0211 * SECURITY UPDATE: mod_auth_digest access control bypass - debian/patches/CVE-2019-0217.patch: fix a race condition in modules/aaa/mod_auth_digest.c. - CVE-2019-0217 * SECURITY UPDATE: URL normalization inconsistincy - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in the path in include/http_core.h, include/httpd.h, server/core.c, server/request.c, server/util.c. - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety in server/request.c, server/util.c. - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in server/util.c. - CVE-2019-0220 Checksums-Sha1: 837657d1e4edd326da12b61cfc0c70f218937b7b 996 apache2-bin-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb cddff4c3a93b6b2371ab2c3d58dc9b3b1cd9f972 775172 apache2-bin_2.4.18-2ubuntu3.10_arm64.deb d4200743ec610f60442c7b132a7d3e359c74a241 2067394 apache2-dbg_2.4.18-2ubuntu3.10_arm64.deb 4e44e61d4e026207107ae9f0604141ea3ba49e8e 974 apache2-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb 91a165c61f6f6578aae0324946effddc7e94a074 1116 apache2-dev-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb cf88cced8cb3a01af0f2fb1aa24b685ad6a37528 173536 apache2-dev_2.4.18-2ubuntu3.10_arm64.deb 5cee77ebf840b03b957569bb617a5b83852fc12e 980 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb 41c9a5fdb412cd721f5d76dcddb351e14e3e6770 14928 apache2-suexec-custom_2.4.18-2ubuntu3.10_arm64.deb a9bf3611f93a8111334a45d39368232a903cedfe 922 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb f4b2fdabe9d5b51794ca75df99bfeca3127825fc 13448 apache2-suexec-pristine_2.4.18-2ubuntu3.10_arm64.deb f7a3c22b6efa0abd41f7834b62153f73b54acb52 1198 apache2-utils-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb c1ea40c37a746844415363be1e2ce8615854f0af 78244 apache2-utils_2.4.18-2ubuntu3.10_arm64.deb 91da3fd178514e6788906161f7ae7d6db72b1eb8 86448 apache2_2.4.18-2ubuntu3.10_arm64.deb Checksums-Sha256: 0ef152c5ed977e75d80b32bfdd6a0de0e6ed783254542c0ea8db8a4c63a1c978 996 apache2-bin-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb 4cf9d5355add50df0b0edcdbc1fc3b2eb087c742ae0936f7d562e8778af9928a 775172 apache2-bin_2.4.18-2ubuntu3.10_arm64.deb e851d43802951c0ed057031ec6011c6e31134606a6e75b47a8afaec25fbe8e9b 2067394 apache2-dbg_2.4.18-2ubuntu3.10_arm64.deb 88d62a9be640b506a1de00943b9cc234fc500ac08d6457e350d2f50cd066d5d4 974 apache2-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb e2ab170b7bd4b2b08cfc747051b692b500a031e7b4839a83b1e9a3424efe35bb 1116 apache2-dev-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb dc6e4031efa835fdf7505803708cfeb4ed357e1a6e85915b3934256aa62625b7 173536 apache2-dev_2.4.18-2ubuntu3.10_arm64.deb 5ee11b64d2047f1a3e8dcf8b03854288d773b5a029a16947e71b412a4792e13f 980 apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb c148d361943c8eb940bacf2a5ba6252bec9de5df5d289ba1d836444949142e65 14928 apache2-suexec-custom_2.4.18-2ubuntu3.10_arm64.deb ce685f45485cc05a868fb695bb6a704cfac4b6cbc40ccb4fa41fa897194a1be9 922 apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb 4357bac597e502bdd224c4ff013d29a9e4ba7f89ecf0b8fa3e3bb9fb764b4b06 13448 apache2-suexec-pristine_2.4.18-2ubuntu3.10_arm64.deb b8f45251008a6a5ab24c45ae280ea4fad0d399510ffbf26779a80d825d716130 1198 apache2-utils-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb 5b8d3bc38d48c0c5c06074d88c9dfb825e65075502ea3cf6897bd073f8c54241 78244 apache2-utils_2.4.18-2ubuntu3.10_arm64.deb b4e82a11c6fb75cc2a7b4d0ce4835415af36c967d8a94d82676dc261e4717f0e 86448 apache2_2.4.18-2ubuntu3.10_arm64.deb Files: 6a1ffee45558d6eb078a5e7d3613afe0 996 httpd extra apache2-bin-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb aed644539dc7d3dcf97d7b9f172be436 775172 httpd optional apache2-bin_2.4.18-2ubuntu3.10_arm64.deb e171226478cca219dfb8e2d92635d62c 2067394 debug extra apache2-dbg_2.4.18-2ubuntu3.10_arm64.deb e7c826cd734ac37360bd9c2b83b7c3c7 974 httpd extra apache2-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb ebaffc79cda65fc5aa0aed4fee6cbcbd 1116 httpd extra apache2-dev-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb 8da0db3b1506ccada6f2975f59996ba7 173536 httpd optional apache2-dev_2.4.18-2ubuntu3.10_arm64.deb 8b5f73e2926e7dfc7e1c22e425765d8d 980 httpd extra apache2-suexec-custom-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb 6f2df043844d53c52801256d70fa3f9c 14928 httpd extra apache2-suexec-custom_2.4.18-2ubuntu3.10_arm64.deb 9721cc7ba6ad1da6b2c78c1345103d71 922 httpd extra apache2-suexec-pristine-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb 0d315a3b600e3d1810e2eb1326b182d7 13448 httpd optional apache2-suexec-pristine_2.4.18-2ubuntu3.10_arm64.deb f7816ee954a16ed82df0de8d57603048 1198 httpd extra apache2-utils-dbgsym_2.4.18-2ubuntu3.10_arm64.ddeb 5ed5bbbe3db81017ad1c6b7001350290 78244 httpd optional apache2-utils_2.4.18-2ubuntu3.10_arm64.deb b5ccf370565b93cc30d6319602d5e7e8 86448 httpd optional apache2_2.4.18-2ubuntu3.10_arm64.deb Original-Maintainer: Debian Apache Maintainers