Format: 1.8
Date: Wed, 23 Jul 2014 23:53:24 +0200
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source amd64 all
Version: 2.2.22-13+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
 apache2 - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Changes:
 apache2 (2.2.22-13+deb7u3) wheezy-security; urgency=high
 .
   * CVE-2014-0226: Fix a race condition in scoreboard handling, which could
     lead to a heap buffer overflow.
   * CVE-2014-0231: mod_cgid: Fix a denial of service against CGI scripts that
     do not consume stdin that could lead to lingering HTTPD child processes
     filling up the scoreboard and eventually hanging the server. By default,
     the client I/O timeout (Timeout directive) now applies to communication
     with scripts. The CGIDScriptTimeout directive can be used to set a
     different timeout for communication with scripts.
   * CVE-2014-0118: mod_deflate: The DEFLATE input filter (inflates request
     bodies) now limits the length and compression ratio of inflated request
     bodies to avoid denial of service via highly compressed bodies.
     By default, LimitRequestBody is applied after decompression. Fine-tuning
     is possible with the new directives DeflateInflateLimitRequestBody,
     DeflateInflateRatioLimit, and DeflateInflateRatioBurst.
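The CVE-2014-0118 entry above describes capping both the length and the compression ratio of inflated request bodies. The following Python sketch is an added example, not code from Apache or from this upload, showing that kind of check on a streaming inflater; the function names, parameter names and limit values are assumptions chosen for illustration and do not claim to mirror mod_deflate's internals or defaults.

```python
import zlib

class InflateLimitExceeded(Exception):
    """Raised when a compressed body breaks one of the inflate limits."""

def bounded_inflate(body, max_out=1_000_000, ratio_limit=200,
                    ratio_burst=3, chunk=8192):
    """Inflate a zlib-wrapped body piece by piece, enforcing two caps:
    total inflated size, and inflated/compressed ratio (tolerating
    ratio_burst consecutive over-ratio pieces before aborting).
    All parameter names and defaults are illustrative."""
    d = zlib.decompressobj()
    out = bytearray()
    consumed = 0          # compressed bytes handed to the inflater so far
    over = 0              # consecutive output pieces above the ratio cap
    for off in range(0, len(body), chunk):
        data = body[off:off + chunk]
        consumed += len(data)
        while data:
            # max_length bounds how much one call may produce, so a bomb
            # can never allocate more than `chunk` bytes between checks.
            out += d.decompress(data, chunk)
            if len(out) > max_out:
                raise InflateLimitExceeded("size")
            if len(out) > ratio_limit * consumed:
                over += 1
                if over > ratio_burst:
                    raise InflateLimitExceeded("ratio")
            else:
                over = 0
            data = d.unconsumed_tail
    out += d.flush()
    if len(out) > max_out:
        raise InflateLimitExceeded("size")
    return bytes(out)

def verdict(body, **limits):
    """Return 'ok', 'size' or 'ratio' for a compressed body."""
    try:
        bounded_inflate(body, **limits)
        return "ok"
    except InflateLimitExceeded as exc:
        return str(exc)

# Constructed sample inputs: an ordinary form post and a highly
# compressible body (10 MB of zero bytes, roughly 10 KB compressed).
FORM = zlib.compress(b"user=alice&comment=" + b"hello world " * 50)
ZEROS = zlib.compress(b"\0" * 10_000_000)
```

The size cap alone still lets a small request force the server to inflate up to the full limit; the ratio cap rejects a suspicious body long before that point.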