Univention Bugzilla – Bug 40929
apache2: Multiple issues (4.1)
Last modified: 2016-10-05 12:46:45 CEST
The apache2 package in ucs_4.1-0 should also get fixed. +++ This bug was initially created as a clone of Bug #39066 +++ * HTTP request smuggling attack against chunked request parser, allowing cache poisoning or credential hijacking if an intermediary proxy is in use (CVE-2015-3183) Fixed upstream in Debian package version 2.2.22-13+deb7u5.
The package has been rebuilt with the additional Debian patches from deb7u6. Advisory: apache2.yaml
OK: advisory OK: automated tests: "ucs-test -s apache -E dangerous" (except for 20_ssl-protocols and 21_ssl-ciphers which are not adapted to current openssl compile time settings)
<http://errata.software-univention.de/ucs/4.1/140.html>