Overview

File _patchinfo of Package patchinfo.3238

<patchinfo incident="3238">
  <issue id="980663" tracker="bnc">apache systemd notify related log message</issue>
  <issue id="1016715" tracker="bnc">VUL-0: CVE-2016-8743: apache2:  Apache HTTP Request Parsing Whitespace Defects</issue>
  <issue id="1016714" tracker="bnc">VUL-1: CVE-2016-2161: apache2: DoS vulnerability in mod_auth_digest</issue>
  <issue id="1016712" tracker="bnc">VUL-1: CVE-2016-0736: apache2: Padding Oracle in Apache mod_session_crypto</issue>
  <issue id="2016-8743" tracker="cve" />
  <issue id="2016-0736" tracker="cve" />
  <issue id="2016-2161" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>
This update for apache2 provides the following fixes:

Security issues fixed:
- CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks (bsc#1016712).
- CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714).
- CVE-2016-8743: Added new directive "HttpProtocolOptions Strict" to avoid proxy chain misinterpretation (bsc#1016715).

Bugfixes:
- Add NotifyAccess=all to systemd service files to prevent warnings in the log when using mod_systemd (bsc#980663).
</description>
  <summary>Security update for apache2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places