Lucene search

K
debianDebianDEBIAN:DLA-841-2:98C98
HistoryJul 29, 2017 - 5:41 p.m.

[SECURITY] [DLA 841-2] apache2 regression update

2017-07-2917:41:52
lists.debian.org
27

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.2%

Package : apache2
Version : 2.2.22-13+deb7u11
CVE ID : CVE-2015-0253 CVE-2016-8743
Debian Bug : 858373

The fix for CVE-2016-8743 introduced a regression which would segfault
apache workers under certain conditions (#858373), an issue similar to
previously fixed CVE-2015-0253.

The issue was introduced in DLA-841-1 and the associated
2.2.22-13+deb7u8 package version. For Debian 7 "Wheezy", these
problems have been fixed in version 2.2.22-13+deb7u11.

We recommend that you upgrade your apache2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.2%

Related for DEBIAN:DLA-841-2:98C98