UbuntuUpdates.org

Package "libapache2-mod-perl2-dev"

Name: libapache2-mod-perl2-dev

Description:

Integration of perl with the Apache2 web server - development files

Latest version: 2.0.9-4ubuntu1.2
Release: xenial (16.04)
Level: updates
Repository: main
Head package: libapache2-mod-perl2
Homepage: http://perl.apache.org/

Links


Download "libapache2-mod-perl2-dev"


Other versions of "libapache2-mod-perl2-dev" in Xenial

Repository Area Version
base main 2.0.9-4ubuntu1
security main 2.0.9-4ubuntu1.2

Changelog

Version: 2.0.9-4ubuntu1.2 2018-11-21 18:06:20 UTC

  libapache2-mod-perl2 (2.0.9-4ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: arbitrary perl code execution via .htaccess file
    - debian/patches/CVE-2011-2767.patch: only allow perl and pod sections
      in server configuration and not per directory in
      src/modules/perl/mod_perl.c.
    - CVE-2011-2767

 -- Marc Deslauriers <email address hidden> Thu, 15 Nov 2018 08:54:13 -0500

Source diff to previous version
CVE-2011-2767 mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the do

Version: 2.0.9-4ubuntu1.1 2018-08-02 22:06:50 UTC

  libapache2-mod-perl2 (2.0.9-4ubuntu1.1) xenial; urgency=medium

  * Pull fixes from Debian's package 2.0.10-2 for the DEP8 tests that started
    failing after the CVE-2016-8743 fix for apache2 (LP: #1779400):
    - debian/patches/370_http_syntax.patch: [PATCH 1/2] Fix
      t/apache/read.t HTTP syntax for Apache 2.4.24.
    - debian/patches/380_inject_header_line_terminators.patch: [PATCH 2/2]
      Fix in_bbs_inject_header line terminators for Apache.

 -- Andreas Hasenack <email address hidden> Fri, 29 Jun 2018 15:48:39 -0300

1779400 DEP8 fixes for xenial
CVE-2016-8743 Apache HTTP Request Parsing Whitespace Defects



About   -   Send Feedback to @ubuntu_updates