File _patchinfo of Package patchinfo.3355
<patchinfo incident="3355"> <issue id="864166" tracker="bnc">apache2 fails to start at bootup</issue> <issue id="792309" tracker="bnc">systemd: Apache2 fails to start (timeout) at boot when mod_ssl enabled</issue> <issue id="909715" tracker="bnc">VUL-0: CVE-2014-8109: apache2: mod_lua: LuaAuthzProvider uses wrong arguments</issue> <issue id="871310" tracker="bnc">VUL-1: CVE-2013-5704: apache2: bypass of mod_headers rules via chunked requests</issue> <issue id="842377" tracker="bnc">Apache fails to start after "a2enflag SSL"</issue> <issue id="849445" tracker="bnc">mod_ssl not working properly</issue> <issue id="CVE-2014-8109" tracker="cve" /> <issue id="CVE-2013-5704" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>kstreitova</packager> <description> Apache2 was updated to fix bugs and security issues. Security issues fixed: CVE-2013-5704: Added a change to fix a flaw in the way mod_headers handled chunked requests. Adds "MergeTrailers" directive to restore legacy behavior [bnc#871310], CVE-2014-8109: Fixes handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. Bugfixes: - changed apache2.service file to fix situation where apache won't start at boot when using an encrypted certificate because user isn't prompted for password during boot [bnc#792309]. - added <IfModule> around SSLSessionCache to avoid failing to start [bnc#842377], [bnc#849445] and [bnc#864166]. </description> <summary>Security update for apache2</summary> </patchinfo>
