[SECURITY] [DLA 71-1] apache2 security update

2014-10-16T10:10:48
ID DEBIAN:DLA-71-1:FFC5F
Type debian
Reporter Debian
Modified 2014-10-16T10:10:48

Description

Package : apache2 Version : 2.2.16-6+squeeze14 CVE ID : CVE-2013-5704 CVE-2014-3581

This update fixes two security issues with apache2.

CVE-2013-5704

Disable the possibility to replace HTTP headers with HTTP trailers
as this could be used to circumvent earlier header operations made by
other modules. This can be restored with a new MergeTrailers
directive.

CVE-2014-3581

Fix denial of service where Apache can segfault when mod_cache is used
and when the cached request contains an empty Content-Type header.

-- Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/