ubuntu/+source/apache2:applied/ubuntu/xenial-security

Last commit made on 2018-04-19
Get this branch:
git clone -b applied/ubuntu/xenial-security https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/xenial-security
Repository:
lp:ubuntu/+source/apache2

Recent commits

b5d462c... by Marc Deslauriers on 2018-04-18

Import patches-applied version 2.4.18-2ubuntu3.8 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: c5c1fc6a98a5b18c3081d59f43f062c4d48ebe91
Unapplied parent: e2adc132f8895073c019e5603682b48096301441

New changelog entries:
  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
    - debian/patches/CVE-2017-15710.patch: fix language long names
      detection as short name in modules/aaa/mod_authnz_ldap.c.
    - CVE-2017-15710
  * SECURITY UPDATE: incorrect <FilesMatch> matching
    - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to
      include/httpd.h, server/util.c.
    - debian/patches/CVE-2017-15715.patch: allow to configure
      global/default options for regexes, like caseless matching or
      extended format in include/ap_regex.h, server/core.c,
      server/util_pcre.c.
    - CVE-2017-15715
  * SECURITY UPDATE: mod_session header manipulation
    - debian/patches/CVE-2018-1283.patch: strip Session header when
      SessionEnv is on in modules/session/mod_session.c.
    - CVE-2018-1283
  * SECURITY UPDATE: DoS via specially-crafted request
    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
      terminated on any error, not only on buffer full in
      server/protocol.c.
    - CVE-2018-1301
  * SECURITY UPDATE: mod_cache_socache DoS
    - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
      to carriage return in modules/cache/mod_cache_socache.c.
    - CVE-2018-1303
  * SECURITY UPDATE: insecure nonce generation
    - debian/patches/CVE-2018-1312.patch: actually use the secret when
      generating nonces in modules/aaa/mod_auth_digest.c.
    - CVE-2018-1312

e2adc13... by Marc Deslauriers on 2018-04-18

fix insecure nonce generation

Gbp-Pq: CVE-2018-1312.patch.

99df621... by Marc Deslauriers on 2018-04-18

fix mod_cache_socache DoS

Gbp-Pq: CVE-2018-1303.patch.

80d19e3... by Marc Deslauriers on 2018-04-18

fix DoS via specially-crafted request

Gbp-Pq: CVE-2018-1301.patch.

4728ccb... by Marc Deslauriers on 2018-04-18

fix mod_session header manipulation

Gbp-Pq: CVE-2018-1283.patch.

dc04581... by Marc Deslauriers on 2018-04-18

fix incorrect <FilesMatch> matching

Gbp-Pq: CVE-2017-15715.patch.

0d0a542... by Marc Deslauriers on 2018-04-18

add ap_cstr_casecmp[n]()

Gbp-Pq: CVE-2017-15715-pre.patch.

9aeef60... by Marc Deslauriers on 2018-04-18

fix DoS via missing header with AuthLDAPCharsetConfig

Gbp-Pq: CVE-2017-15710.patch.

162e9c7... by Marc Deslauriers on 2018-04-18

[PATCH] Merge r1824811 from trunk:

Gbp-Pq: util_ldap_cache_lock_fix.patch.

3a2fa86... by Marc Deslauriers on 2018-04-18

fix optionsbleed information leak

Gbp-Pq: CVE-2017-9798.patch.