enterprise-support team mailing list archive
-
enterprise-support team
-
Mailing list archive
-
Message #04127
[Bug 1366174] Re: apache2 SEGV with multiple SSL sites
This bug was fixed in the package apache2 - 2.4.7-1ubuntu4.4
---------------
apache2 (2.4.7-1ubuntu4.4) trusty-security; urgency=medium
* SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
- debian/patches/CVE-2013-5704.patch: don't merge trailers by default
and add a "MergeTrailers" directive to revert to previous behaviour
to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
modules/http/http_request.c, modules/loggers/mod_log_config.c,
modules/proxy/mod_proxy_http.c, server/core.c, server/protocol.c.
- CVE-2013-5704
* SECURITY UPDATE: mod_cache denial of service via empty HTTP
Content-Type header
- debian/patches/CVE-2014-3581.patch: check for NULL in
modules/cache/cache_util.c.
- CVE-2014-3581
-- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Tue, 10 Mar 2015 07:42:50 -0400
** Changed in: apache2 (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-5704
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3581
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1366174
Title:
apache2 SEGV with multiple SSL sites
To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1366174/+subscriptions
References