[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 71-1] apache2 security update

Package        : apache2
Version        : 2.2.16-6+squeeze14
CVE ID         : CVE-2013-5704 CVE-2014-3581

This update fixes two security issues with apache2.


    Disable the possibility to replace HTTP headers with HTTP trailers
    as this could be used to circumvent earlier header operations made by
    other modules. This can be restored with a new MergeTrailers


    Fix denial of service where Apache can segfault when mod_cache is used
    and when the cached request contains an empty Content-Type header.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Attachment: signature.asc
Description: Digital signature

Reply to: