-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : apache2 Version : 2.2.22-13+deb7u10 CVE ID : CVE-2017-9788 Debian Bug : #868467
Robert Święcki discovered that the value placeholder in [Proxy-]Authorization Digest headers were not initialized or reset before or between successive key=value assignments in Apache 2's mod_auth_digest module Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request leading to leakage of potentially confidential information and a segfault. For Debian 7 "Wheezy", this issue has been fixed in apache2 version 2.2.22-13+deb7u10. We recommend that you upgrade your apache2 packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAllsbn0ACgkQHpU+J9Qx Hlgj4A/8Dugh3HGRoCDhin6P1OwryR7uMlc662kIpLdmDh2R2UMpcN49Lcz8HElI fSI32flbBGdhI5pj8vHRioXkJi4KrTHKxTo2n4vMXtJ6qYBogI+txMr78Cq1Gh0J yhA+06d+Cc/QbwYMc+owj1OHxQZzCT1eaBtLCao2Ay71TA65wrC/WICdhStrOhOr L5BCgmdltZ4aERw72zCOFe/FrMiEh53Nhw7ZHXw51ul/jnvZL70LzUs0OBnC9cyU EdNnhILL9OUma1JlEtpjnh2HoJ+KxCm1FcNZppWZHhGSVd8Au3vfGQz7lNsUV+Dr JNC49skYvugyYiPu/mmI+W8ouuWiReLyYwzW/dHDxYNTNCH3deLIDXoT5AlAllkX hxeywvsixjniPTFaCezuoaSdIU6/UI4PVulnSnq2UMRZucyNRU5vkXCqrFT5U6hH 9DHd7DKgvZy+f/wcM00YzoLlfWFdIcdYrGHQXHIJOljUyO/RyQPsU57UwIbfXHzd H+Bzvs09aV5OqaC7Ko6sV9Z+FYap1N/Y3jQ8fzEUKaq7N67wqt7iWLKk+vpl26Hk 5jrW9rozDCyW+qkM4ji7zq/8b0SzI/qbyH2Eei576Q0BIGbACDHHnfnu/OBiwW3n TAOlXzRzF+ubJg/229kLZu2fjI0VcNADyZMuv4VtjqCGNRKm0GY= =ge+I -----END PGP SIGNATURE-----