Source: apache2 Version: 2.4.10-10 Severity: important Tags: security upstream fixed-upstream
Hi, the following vulnerability was published for apache2. CVE-2017-9788[0]: | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value | placeholder in [Proxy-]Authorization headers of type 'Digest' was not | initialized or reset before or between successive key=value | assignments by mod_auth_digest. Providing an initial key with no '=' | assignment could reflect the stale value of uninitialized pool memory | used by the prior request, leading to leakage of potentially | confidential information, and a segfault in other cases resulting in | denial of service. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9788 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788 Regards, Salvatore