Univention Bugzilla – Bug 48588
apache2: Multiple issues (4.2)
Last modified: 2019-02-06 12:55:57 CET
New Debian apache2 2.4.10-10+deb8u13A~4.2.5.201902040820 fixes: This update addresses the following issue: * mod_session_cookie does not respect expiry time (CVE-2018-17199)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/apache2_2.4.10-10+deb8u12A~4.2.3.201804040747.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/apache2_2.4.10-10+deb8u13A~4.2.5.201902040820.dsc @@ -1,10 +1,17 @@ -2.4.10-10+deb8u12A~4.2.3.201804040747 [Wed, 04 Apr 2018 16:39:13 +0200] Univention builddaemon <buildd@univention.de>: +2.4.10-10+deb8u13A~4.2.5.201902040820 [Mon, 04 Feb 2019 08:20:42 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 05-autostart-setting 10-apache2-reload 20-no-proxy +2.4.10-10+deb8u13 [Tue, 29 Jan 2019 19:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2018-17199 + In order to not ignore expire time of cookies, always decode session + attributes early. + 2.4.10-10+deb8u12 [Sat, 31 Mar 2018 11:31:57 +0200] Stefan Fritsch <sf@debian.org>: * CVE-2017-15710: mod_authnz_ldap: Out of bound write in mod_authnz_ldap <http://10.200.17.11/4.2-5/#4826686845409483769>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 870f476a38 Bug #48588: apache2 2.4.10-10+deb8u13A~4.2.5.201902040820 doc/errata/staging/apache2.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+)
<http://errata.software-univention.de/ucs/4.2/589.html>