SUSE SLES12 Security Update : Recommended update for apache2 (SUSE-SU-2017:2449-1)

This update for apache2 provides the following fixes: Security issues fixed : - CVE-2017-9788: The value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '...

SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:1997-1)

This update provides apache2 2.2.34, which brings many fixes and enhancements: Security issues fixed : - CVE-2017-9788: Uninitialized memory reflection in modauthdigest. bsc1048576 Bug fixes : - Remove /usr/bin/http2 link only during package uninstall, not upgrade. bsc1041830 - Don't put the...

openSUSE Security Update : apache2 (openSUSE-2017-865)

This update for apache2 fixes the following issues : Security issue fixed : - CVE-2017-9788: Uninitialized memory reflection in modauthdigest. bsc1048576 Bug fixes : - Include individual sysconfig.d files instead of the whole sysconfig.d directory. - Include sysconfig.d/include.conf after...

[SECURITY] [DLA 841-2] apache2 regression update

Package : apache2 Version : 2.2.22-13+deb7u11 CVE ID : CVE-2015-0253 CVE-2016-8743 Debian Bug : 858373 The fix for CVE-2016-8743 introduced a regression which would segfault apache workers under certain conditions 858373, an issue similar to previously fixed CVE-2015-0253. The issue was introduce...

DLA-841-2 apache2 - regression update

Bulletin has no description...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:1961-1)

This update for apache2 fixes the following issues: Security issue fixed : - CVE-2017-9788: Uninitialized memory reflection in modauthdigest. bsc1048576 Bug fixes : - Include individual sysconfig.d files instead of the whole sysconfig.d directory. - Include sysconfig.d/include.conf after httpd.co...

Debian DSA-3913-1 : apache2 - security update

Robert Swiecki reported that modauthdigest does not properly initialize or reset the value placeholder in Proxy-Authorization headers of type 'Digest' between successive key=value assignments, leading to information disclosure or denial of service. %NASLMINLEVEL 70300 C Tenable Network Security,...

[SECURITY] [DSA 3913-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3913-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 18, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3913-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3913-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 18, 2017 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3913-1 (apache2 - security update)

Robert Swiecki reported that modauthdigest does not properly initialize or reset the value placeholder in Proxy-Authorization headers of type Digest between successive key=value assignments, leading to information disclosure or denial of service. OpenVAS Vulnerability Test $Id: deb3913.nasl 6800...

Debian DLA-1028-1 : apache2 security update

Robert Swiecki discovered that the value placeholder in Proxy-Authorization Digest headers were not initialized or reset before or between successive key=value assignments in Apache 2's modauthdigest module Providing an initial key with no '=' assignment could reflect the stale value of...

[SECURITY] [DLA 1028-1] apache2 security update

Package : apache2 Version : 2.2.22-13+deb7u10 CVE ID : CVE-2017-9788 Debian Bug : 868467 Robert Święcki discovered that the value placeholder in Proxy-Authorization Digest headers were not initialized or reset before or between successive key=value assignments in Apache 2s modauthdigest module...

DLA-1028-1 apache2 - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3913-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : apache2 (openSUSE-2017-786)

This update for apache2 provides the following fixes : Security issues fixed : - CVE-2017-3167: In Apache use of httpd apgetbasicauthpw outside of the authentication phase could lead to authentication requirements bypass bsc1045065 - CVE-2017-3169: In modssl may have a dereference NULL pointer...

Debian DLA-1009-1 : apache2 security update

Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of...

[SECURITY] [DLA 1009-1] apache2 security update

Package : apache2 Version : 2.2.22-13+deb7u9 CVE ID : CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of apgetbasicauthpw by third-party modules outside of the...

DLA-1009-1 apache2 - security update

Bulletin has no description...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:1714-1)

This update for apache2 provides the following fixes: Security issues fixed : - CVE-2017-3167: In Apache use of httpd apgetbasicauthpw outside of the authentication phase could lead to authentication requirements bypass bsc1045065 - CVE-2017-3169: In modssl may have a dereference NULL pointer iss...

Ubuntu: Security Advisory (USN-3340-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...