|
|
Log in / Subscribe / Register

Debian alert DLA-841-2 (apache2)



From:
    	      Antoine Beaupré <anarcat@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 841-2] apache2 regression update 


Date:
    	      Sat, 29 Jul 2017 13:41:52 -0400


Message-ID:
    	      <20170729174152.f6r4dmqtnuddt743@curie.anarc.at>


Package        : apache2
Version        : 2.2.22-13+deb7u11
CVE ID         : CVE-2015-0253 CVE-2016-8743
Debian Bug     : 858373

The fix for CVE-2016-8743 introduced a regression which would segfault
apache workers under certain conditions (#858373), an issue similar to
previously fixed CVE-2015-0253.

The issue was introduced in DLA-841-1 and the associated
2.2.22-13+deb7u8 package version. For Debian 7 "Wheezy", these
problems have been fixed in version 2.2.22-13+deb7u11.

We recommend that you upgrade your apache2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds