Overview

File _patchinfo of Package patchinfo.8507

<patchinfo incident="8507">
  <issue tracker="bnc" id="1016715"></issue>
  <issue tracker="bnc" id="1104826"></issue>
  <issue tracker="cve" id="2016-8743"/>
  <issue tracker="cve" id="2016-4975"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for apache2 fixes the following issues:

Security issues fixed:

- CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests
  and sent in response lines and headers. Accepting these different behaviors
  represented a security concern when httpd participates in any chain of
  proxies or interacts with back-end application servers, either through
  mod_proxy or using conventional CGI mechanisms, and may result in request
  smuggling, response splitting and cache pollution. (bsc#1016715)
- CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting
  attacks for sites which use mod_userdir. This issue was mitigated by changes
  which prohibit CR or LF injection into the "Location" or other outbound
  header key or value. (bsc#1104826)
  </description>
  <summary>Security update for apache2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places