UbuntuUpdates.org

Package "apache2-suexec-custom"

Name: apache2-suexec-custom

Description:

Apache HTTP Server configurable suexec program for mod_suexec

Latest version: 2.4.18-2ubuntu3.17
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: apache2
Homepage: http://httpd.apache.org/

Links


Download "apache2-suexec-custom"


Other versions of "apache2-suexec-custom" in Xenial

Repository Area Version
base universe 2.4.18-2ubuntu3
security universe 2.4.18-2ubuntu3.17

Changelog

Version: 2.4.18-2ubuntu3.17 2020-08-13 16:07:23 UTC

  apache2 (2.4.18-2ubuntu3.17) xenial-security; urgency=medium

  * SECURITY UPDATE: mod_rewrite redirect issue
    - debian/patches/CVE-2020-1927-1.patch: factor out default regex flags
      in include/ap_regex.h, server/core.c, server/util_pcre.c.
    - debian/patches/CVE-2020-1927-2.patch: add AP_REG_NO_DEFAULT to allow
      opt-out of pcre defaults in include/ap_regex.h,
      modules/filters/mod_substitute.c, server/util_pcre.c,
      server/util_regex.c.
    - CVE-2020-1927
  * SECURITY UPDATE: mod_proxy_ftp uninitialized memory issue
    - debian/patches/CVE-2020-1934.patch: trap bad FTP responses in
      modules/proxy/mod_proxy_ftp.c.
    - CVE-2020-1934

 -- Marc Deslauriers <email address hidden> Wed, 12 Aug 2020 17:35:50 -0400

Source diff to previous version
CVE-2020-1927 In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded new
CVE-2020-1934 In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

Version: 2.4.18-2ubuntu3.15 2020-07-08 00:06:16 UTC

  apache2 (2.4.18-2ubuntu3.15) xenial; urgency=medium

  * d/p/lp-1875299-Merge-r1688399-from-trunk.patch: use r_useragent_addr as
    the root trusted address (LP: #1875299)

 -- Christian Ehrhardt <email address hidden> Mon, 15 Jun 2020 16:09:55 +0200

Source diff to previous version
1875299 Apache's mod_remoteip: IP address spoofing via X-Forwarded-For when mod_rewrite rule is triggered

Version: 2.4.18-2ubuntu3.14 2019-10-16 06:06:51 UTC

  apache2 (2.4.18-2ubuntu3.14) xenial; urgency=medium

  * Backport mod_reqtimeout with handshake support (LP: #1846138)
    - d/p/0001-mod-reqtimeout-revent-long-response-times.patch
    - d/p/0002-mod_reqtimeout-fix-body-timeout-disabling-for-CONNECT-request.patch
    - d/p/0003-mod_reqtimeout-Merge-r1853901-r1853906-r1853908-r1853929-r1853935-r.patch

 -- Jesse Williamson <email address hidden> Tue, 08 Oct 2019 13:31:25 +0000

Source diff to previous version
1846138 backport mod_reqtimeout with handshake support

Version: 2.4.18-2ubuntu3.13 2019-09-17 14:06:48 UTC

  apache2 (2.4.18-2ubuntu3.13) xenial-security; urgency=medium

  * SECURITY REGRESSION: mod_proxy balancer XSS/CSRF hardening broke
    browsers which change case in headers and breaks balancers
    loading in some configurations (LP: #1842701)
    - drop d/p/CVE-2019-10092-3.patch

 -- Steve Beattie <email address hidden> Mon, 16 Sep 2019 06:13:53 -0700

Source diff to previous version
1842701 Apache2 Balancer Manager mod_proxy_balancer not working after Update
CVE-2019-10092 Limited cross-site scripting in mod_proxy

Version: 2.4.18-2ubuntu3.12 2019-08-29 23:06:21 UTC

  apache2 (2.4.18-2ubuntu3.12) xenial-security; urgency=medium

  * SECURITY UPDATE: Limited cross-site scripting in mod_proxy
    error page.
    - d/p/CVE-2019-10092-1.patch: Remove request details from built-in
      error documents.
    - d/p/CVE-2019-10092-2.patch: Add missing log numbers.
    - d/p/CVE-2019-10092-3.patch: mod_proxy: Improve XSRF/XSS
      protection.
    - CVE-2019-10092
  * SECURITY UPDATE: mod_rewrite potential open redirect.
    - d/p/CVE-2019-10098.patch: Set PCRE_DOTALL by default.
    - CVE-2019-10098

 -- Steve Beattie <email address hidden> Mon, 26 Aug 2019 06:43:29 -0700

CVE-2019-10092 Limited cross-site scripting in mod_proxy
CVE-2019-10098 mod_rewrite configurations vulnerable to open redirect



About   -   Send Feedback to @ubuntu_updates