[SECURITY] [DLA 1028-1] apache2 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : apache2
Version : 2.2.22-13+deb7u10
CVE ID : CVE-2017-9788
Debian Bug : #868467
Robert Święcki discovered that the value placeholder in [Proxy-]Authorization
Digest headers were not initialized or reset before or between successive
key=value assignments in Apache 2's mod_auth_digest module
Providing an initial key with no '=' assignment could reflect the stale value
of uninitialized pool memory used by the prior request leading to leakage of
potentially confidential information and a segfault.
For Debian 7 "Wheezy", this issue has been fixed in apache2 version
2.2.22-13+deb7u10.
We recommend that you upgrade your apache2 packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAllsbn0ACgkQHpU+J9Qx
Hlgj4A/8Dugh3HGRoCDhin6P1OwryR7uMlc662kIpLdmDh2R2UMpcN49Lcz8HElI
fSI32flbBGdhI5pj8vHRioXkJi4KrTHKxTo2n4vMXtJ6qYBogI+txMr78Cq1Gh0J
yhA+06d+Cc/QbwYMc+owj1OHxQZzCT1eaBtLCao2Ay71TA65wrC/WICdhStrOhOr
L5BCgmdltZ4aERw72zCOFe/FrMiEh53Nhw7ZHXw51ul/jnvZL70LzUs0OBnC9cyU
EdNnhILL9OUma1JlEtpjnh2HoJ+KxCm1FcNZppWZHhGSVd8Au3vfGQz7lNsUV+Dr
JNC49skYvugyYiPu/mmI+W8ouuWiReLyYwzW/dHDxYNTNCH3deLIDXoT5AlAllkX
hxeywvsixjniPTFaCezuoaSdIU6/UI4PVulnSnq2UMRZucyNRU5vkXCqrFT5U6hH
9DHd7DKgvZy+f/wcM00YzoLlfWFdIcdYrGHQXHIJOljUyO/RyQPsU57UwIbfXHzd
H+Bzvs09aV5OqaC7Ko6sV9Z+FYap1N/Y3jQ8fzEUKaq7N67wqt7iWLKk+vpl26Hk
5jrW9rozDCyW+qkM4ji7zq/8b0SzI/qbyH2Eei576Q0BIGbACDHHnfnu/OBiwW3n
TAOlXzRzF+ubJg/229kLZu2fjI0VcNADyZMuv4VtjqCGNRKm0GY=
=ge+I
-----END PGP SIGNATURE-----
Reply to: