Security update for apache2
Apache2 was updated to fix bugs and security issues.
Security issues fixed:
- CVE-2013-5704: Fixed a flaw in the way mod_headers handled chunked requests. Adds the
"MergeTrailers" directive to restore legacy behavior [bnc#871310].
- CVE-2014-8109: Fixes handling of the Require line when a LuaAuthzProvider
is used in multiple Require directives with different arguments.
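An added example, not part of the advisory or of Apache's own code: a line-based audit of an httpd configuration for the two settings the security fixes above concern, namely a LuaAuthzProvider referenced by Require directives with differing arguments (CVE-2014-8109) and MergeTrailers switched on (the legacy behavior from CVE-2013-5704). The sample configuration, the provider name grp and the function name audit are constructed for illustration; Include files and line continuations are not followed.

```python
import collections

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
LuaAuthzProvider grp /etc/apache2/authz.lua authz_group
MergeTrailers on
<Directory "/srv/www/a">
    Require grp admins
</Directory>
<Directory "/srv/www/b">
    # Require grp disabled
    Require grp staff
</Directory>
<Directory "/srv/www/c">
    Require valid-user
</Directory>
"""

def audit(conf_text):
    """Return (providers used with differing Require arguments, line numbers of 'MergeTrailers on')."""
    providers = set()                     # names declared by LuaAuthzProvider
    uses = collections.defaultdict(set)   # provider name -> distinct argument tuples
    requires = []                         # argument lists of every Require line
    trailers_on = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue                      # blank line or comment
        directive = parts[0].lower()      # directive names are case-insensitive
        if directive == "luaauthzprovider" and len(parts) >= 2:
            providers.add(parts[1])
        elif directive == "require" and len(parts) >= 2:
            requires.append(parts[1:])
        elif directive == "mergetrailers" and len(parts) >= 2 and parts[1].lower() == "on":
            trailers_on.append(lineno)
    # Second pass, so a provider declared after its first use is still matched.
    for args in requires:
        if args[0].lower() == "not" and len(args) > 1:
            args = args[1:]               # "Require not <provider> ..."
        if args[0] in providers:          # names compared exactly as written (assumption)
            uses[args[0]].add(tuple(args[1:]))
    flagged = {name: sorted(argsets) for name, argsets in uses.items() if len(argsets) > 1}
    return flagged, trailers_on

if __name__ == "__main__":
    flagged, trailers_on = audit(SAMPLE_CONF)
    for name, argsets in flagged.items():
        print(f"{name}: used with differing arguments {argsets}")
    print("MergeTrailers on at lines:", trailers_on)
```

A provider reported here is one whose authorization decisions depend on this update being installed; a reported MergeTrailers line means trailers are merged into request headers again on that server.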
Bugfixes:
- changed the apache2.service file to fix a situation where apache won't
start at boot when using an encrypted certificate, because the user
isn't prompted for the password during boot [bnc#792309].
- added around SSLSessionCache to avoid failing to start
[bnc#842377], [bnc#849445] and [bnc#864166].
- Submitted by Kristyna Streitova (kstreitova)
Fixed bugs:
- bnc#864166: apache2 fails to start at bootup
- bnc#792309: systemd: Apache2 fails to start (timeout) at boot when mod_ssl enabled
- bnc#909715: VUL-0: CVE-2014-8109: apache2: mod_lua: LuaAuthzProvider uses wrong arguments
- bnc#871310: VUL-1: CVE-2013-5704: apache2: bypass of mod_headers rules via chunked requests
- bnc#842377: Apache fails to start after "a2enflag SSL"
- bnc#849445: mod_ssl not working properly