This bug was fixed in the package apache2 - 2.4.10-1ubuntu1.1 --------------- apache2 (2.4.10-1ubuntu1.1) utopic-security; urgency=medium
* SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141) - debian/patches/CVE-2013-5704.patch: don't merge trailers by default and add a "MergeTrailers" directive to revert to previous behaviour to include/http_core.h, include/httpd.h, modules/http/http_filters.c, modules/http/http_request.c, modules/loggers/mod_log_config.c, modules/proxy/mod_proxy_http.c, server/core.c, server/protocol.c. - CVE-2013-5704 * SECURITY UPDATE: mod_cache denial of service via empty HTTP Content-Type header - debian/patches/CVE-2014-3581.patch: check for NULL in modules/cache/cache_util.c. - CVE-2014-3581 * SECURITY UPDATE: mod_proxy_fcgi deial of service via long response headers - debian/patches/CVE-2014-3583.patch: properly handle length in modules/aaa/mod_authnz_fcgi.c, modules/proxy/mod_proxy_fcgi.c. - CVE-2014-3583 * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require directives - debian/patches/CVE-2014-8109.patch: handle multiple Require directives with different arguments in modules/lua/mod_lua.c. - CVE-2014-8109 * SECURITY UPDATE: denial of service in mod_lua via websockets PING - debian/patches/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c. - CVE-2015-0228 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Thu, 05 Mar 2015 12:05:47 -0500 ** Changed in: apache2 (Ubuntu Utopic) Status: Confirmed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-5704 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-3581 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-3583 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-8109 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-0228 ** Changed in: apache2 (Ubuntu Lucid) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1425141 Title: mod_headers CVE-2013-5704 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1425141/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs