[SECURITY] [DLA 1900-1] apache2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1900-1] apache2 security update
From: Markus Koschany <apo@debian.org>
Date: Thu, 29 Aug 2019 00:39:55 +0200
Message-id: <[🔎] 340d1b67-d8fb-f41e-174f-96d8c4a2ae0a@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : apache2
Version        : 2.4.10-10+deb8u15
CVE ID         : CVE-2019-10092 CVE-2019-10098

Two security vulnerabilities were found in the Apache HTTP server.

CVE-2019-10092

   Matei "Mal" Badanoiu reported a limited cross-site scripting
   vulnerability in the mod_proxy error page.

CVE-2019-10098

   Yukitsugu Sasaki reported a potential open redirect vulnerability in
   the mod_rewrite module.

For Debian 8 "Jessie", these problems have been fixed in version
2.4.10-10+deb8u15.

We recommend that you upgrade your apache2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl1nArtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTiWA/9HhnQxg/64F2WiZTSTF/TsZTrP5ghJJAnmU5baBn0U0sO25C84wJStr8P
2mTCj8qINLCauTfw/V3vne+ULUxAVFT8r6OwzRGsm00CKe/ReUUnZjKcE78H0WWZ
JJ12Hll3npJFBOei32igVmw0r1UgnZO1La01IdVBs+ZREInWhOsJbkVWGVTl+KD+
9rdEvpOQJrlI08gioG+ymmrioI1kf8YYzIcVhP2yEdfo0Q0hsU8teLtZQRXF+vdV
H0GVMdHxPS73kYAGsSAD/LGwyNEn+Bq/o0uQT0WB5rAIPaAQ9z+GS5h2S1v0MVGg
FbI0mfstnI2IZrL3mP+PSC+Uvfu8PrAHUfNZICLvC8S3SPZmcFrRF9+CLQsdBDWz
ErKfC7RCxS25ZzuA8WnuB+hqu8OrQA9myPejDD0l0oKXvanGDtMaCMMB+qV1YjHe
a/QjsWsOuPS8u1M0CQr0C3Dsvaqi8024d44qSoTOKMXOhyfSSesMwkhB0hbH2RAh
oFe4U4Rpy3N7Ed2djkANHGUeE+8RpLN0cBFVWStXCXBDQplUZoNL2K3LTWgW0EUW
5bAZEWahPbTRoS2QCTAyLCOSFxD1i3NljSUGJOA7enVdSltzwDqAXqE4k6Ov769F
e+whefRBMWX0G5oeiGUy7hUZ0NLHAesscnkGJfQCCBxvW1s76oY=
=e/fc
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1899-1] faad2 security update
Next by Date: [SECURITY] [DLA 1901-1] dovecot security update
Previous by thread: [SECURITY] [DLA 1899-1] faad2 security update
Next by thread: [SECURITY] [DLA 1901-1] dovecot security update
Index(es):
- Date
- Thread