Package : apache2 Version : 2.2.16-6+squeeze14 CVE ID : CVE-2013-5704 CVE-2014-3581
This update fixes two security issues with apache2.
Disable the possibility to replace HTTP headers with HTTP trailers as this could be used to circumvent earlier header operations made by other modules. This can be restored with a new MergeTrailers directive.
Fix denial of service where Apache can segfault when mod_cache is used and when the cached request contains an empty Content-Type header.
-- Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/