Apache2 security update for Debian 7 LTS

Debian 10241 Published 2017-07-17 13:06 by Philipp Esselbach

News

An Apache2 security update has been released for Debian GNU/Linux 7 LTS

Package : apache2
Version : 2.2.22-13+deb7u10
CVE ID : CVE-2017-9788
Debian Bug : #868467

Robert ÅwiÄcki discovered that the value placeholder in [Proxy-]Authorization
Digest headers were not initialized or reset before or between successive
key=value assignments in Apache 2's mod_auth_digest module

Providing an initial key with no '=' assignment could reflect the stale value
of uninitialized pool memory used by the prior request leading to leakage of
potentially confidential information and a segfault.

For Debian 7 "Wheezy", this issue has been fixed in apache2 version
2.2.22-13+deb7u10.

We recommend that you upgrade your apache2 packages.

Mageia 6 released

AMD Ryzen Series Customers Falling Prey To RMA Fraud On Amazon and more

Community

dhamu
Hello Phil, I have a Linux Tutorial website that curre ...
StephanX
Hi friends, i am new in the Linux universe but i try to ...
Philipp
I would try the XanMod kernel: https://xanmod.org I ...

Windows

Linux

macOS

Community