Overview

File _patchinfo of Package patchinfo.4254

<patchinfo incident="4254">
  <issue id="1016715" tracker="bnc">VUL-0: CVE-2016-8743: apache2:  Apache HTTP Request Parsing Whitespace Defects</issue>
  <issue id="1016714" tracker="bnc">VUL-1: CVE-2016-2161: apache2: DoS vulnerability in mod_auth_digest</issue>
  <issue id="1016712" tracker="bnc">VUL-1: CVE-2016-0736: apache2: Padding Oracle in Apache mod_session_crypto</issue>
  <issue id="1019380" tracker="bnc">Apache httpd mod_proxy_hcheck ignores hcuri and hcexpr parameters</issue>
  <issue id="2016-8743" tracker="cve" />
  <issue id="2016-0736" tracker="cve" />
  <issue id="2016-2161" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>
This update for apache2 fixes the following security issues:

Security issues fixed:
- CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks (bsc#1016712).
- CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714).
- CVE-2016-8743: Added new directive "HttpProtocolOptions Strict" to avoid proxy chain misinterpretation (bsc#1016715).

Bugfixes:
- Add missing copy of hcuri and hcexpr from the worker to the health check worker (bsc#1019380).
</description>
  <summary>Security update for apache2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places