enterprise-support team mailing list archive

Thread
Date

[Question #615421]: Is CVE-2016-8743 fixed in Apache 2.4.18

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Brent Shinn <question615421@xxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 07 Apr 2017 21:17:54 -0000
Reply-to: question615421@xxxxxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

New question #615421 on apache2 in Ubuntu:
https://answers.launchpad.net/ubuntu/+source/apache2/+question/615421

My vulnerability scans come up with:

Apache HTTPD: Apache HTTP Request Parsing Whitespace Defects (CVE-2016-8743)

Then it recommends that we upgrade to Apache 2.4.25 where this problem is corrected. One of the developers here said that Canonical has probably aleady fixed this in 2.4.18, but I can find any information to corroborate that.

Is (CVE-2016-8743) fixed in 2.4.18, or should I just upgrade Apache to 2.4.25?


-- 
You received this question notification because your team Ubuntu
Server/Client Support Team is an answer contact for apache2 in Ubuntu.