This was fixed for Ubuntu 8.04 LTS (hardy) in 2.2.8-1ubuntu0.22 as
referred to in USN http://www.ubuntu.com/usn/usn-1259-1 ; closing.
** Changed in: apache2 (Ubuntu Hardy)
Status: In Progress = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server
This bug was fixed in the package apache2 - 2.2.20-1ubuntu1.1
---
apache2 (2.2.20-1ubuntu1.1) oneiric-security; urgency=low
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
- debian/patches/212_CVE-2011-3368.dpatch: return 400
on invalid requests. (patch
This bug was fixed in the package apache2 - 2.2.17-1ubuntu1.4
---
apache2 (2.2.17-1ubuntu1.4) natty-security; urgency=low
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
- debian/patches/212_CVE-2011-3368.dpatch: return 400
on invalid requests. (patch
This bug was fixed in the package apache2 - 2.2.16-1ubuntu3.4
---
apache2 (2.2.16-1ubuntu3.4) maverick-security; urgency=low
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
- debian/patches/212_CVE-2011-3368.dpatch: return 400
on invalid requests. (patch
This bug was fixed in the package apache2 - 2.2.14-5ubuntu8.7
---
apache2 (2.2.14-5ubuntu8.7) lucid-security; urgency=low
[ Michael Jeanson ]
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
- debian/patches/212_CVE-2011-3368.dpatch: return 400
on
** Branch linked: lp:ubuntu/lucid-security/apache2
** Branch linked: lp:ubuntu/maverick-security/apache2
** Branch linked: lp:ubuntu/natty-security/apache2
** Branch linked: lp:ubuntu/oneiric-security/apache2
--
You received this bug notification because you are a member of Ubuntu
Server
** Branch linked: lp:ubuntu/lucid-updates/apache2
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/877740
Title:
CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure
To manage
My bad, sorry if anyone tried this package, I had only tested on hardy.
I uploaded a fixed package to my ppa.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/877740
Title:
Thanks, Michael, I expect packages to go out in the next couple of days.
FYI, the lucid debdiff you posted did not include an edit to
debian/patches/00list, so I don't believe it's getting applied in your
ppa build.
--
You received this bug notification because you are a member of Ubuntu
Server
I built a fixed package for hardy in my ppa (2.2.8-1ubuntu0.22~ppa1) and
tested it in our environment, I confirm it fixes the exploit.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
Debdiff for lucid, also available in my ppa.
** Patch added: apache2_2.2.14-5ubuntu8.7.debdiff
https://bugs.launchpad.net/ubuntu/hardy/+source/apache2/+bug/877740/+attachment/2560947/+files/apache2_2.2.14-5ubuntu8.7.debdiff
--
You received this bug notification because you are a member of
Debdiff for hardy, including patch from
http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/CVE-2011-3368.patch
** Patch added: apache2_2.2.8-1ubuntu0.22.debdiff
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/877740/+attachment/2558586/+files/apache2_2.2.8-1ubuntu0.22.debdiff
--
** Also affects: apache2 (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: apache2 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: apache2 (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: apache2 (Ubuntu Maverick)
This was fixed in precise in 2.2.21-2ubuntu1 (see bug 872000). Assigning
the other releases to myself.
** Changed in: apache2 (Ubuntu)
Status: New = Fix Released
** Changed in: apache2 (Ubuntu Hardy)
Status: New = In Progress
** Changed in: apache2 (Ubuntu Lucid)
Status:
14 matches
Mail list logo