This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.24
---
apache2 (2.2.8-1ubuntu0.24) hardy-security; urgency=low
* SECURITY UPDATE: XSS vulnerability in mod_negotiation
- debian/patches/224_CVE-2012-2687.dpatch: escape filenames in
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2687
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1068854
Title:
Support option to disable TLS compression
** Changed in: apache2 (Ubuntu)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1068854
Title:
Support option to disable TLS compression to
Virendra, as far as I know, this isn't in any released Apache version.
** Changed in: apache2 (Ubuntu)
Status: Fix Released = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
** Changed in: apache2 (Debian)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1068854
Title:
Support option to disable TLS compression to
Debian just released apache2 v2.2.22-12 to address this issue.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1068854
Title:
Support option to disable TLS compression to protect
** Also affects: apache2 (Fedora) via
https://bugzilla.redhat.com/show_bug.cgi?id=857051
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
** Changed in: apache2 (Debian)
Status: Unknown = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1068854
Title:
Support option to disable TLS compression to
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1068854
Title:
Support option to disable TLS compression to protect
Note that Red Hat already supports a workaround [0] that allows for
disabling zlib at the OpenSSL layer, which prevents TLS compression
working in Apache. As far as I am aware, no such option exists for
Ubuntu, leaving users vulnerable until a new package is available.
[0]
10 matches
Mail list logo