This bug was fixed in the package apache2 - 2.2.16-1ubuntu1 --------------- apache2 (2.2.16-1ubuntu1) maverick; urgency=low
* Merge from debian unstable. Remaining changes: - debian/{control, rules}: Enable PIE hardening. - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. - debian/control: Add bzr tag and point it to our tree. - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381) apache2 (2.2.16-1) unstable; urgency=medium * Urgency medium for security fix. * New upstream release: - CVE-2010-1452: mod_dav, mod_cache: Fix denial of service vulnerability due to incorrect handling of requests without a path segment. - mod_dir: add FallbackResource directive, to enable admin to specify an action to happen when a URL maps to no file, without resorting to ErrorDocument or mod_rewrite * Fix mod_ssl header line corruption because of using memcpy for overlapping buffers. PR 45444. LP: #609290, #589611, #595116 apache2 (2.2.15-6) unstable; urgency=low * Fix init script not correctly killing htcacheclean. Closes: #580971 * Add a separate entry in README.Debian about the need to use apache2ctl for starting instead of calling apache2 directly. Closes: #580445 * Fix debug info to allow gdb loading it automatically. Closes: #581514 * Fix install target in Makefile created by apxs2 -n. Closes: #588787 * Fix ab sending more requests than specified by the -n parameter. Closes: #541158 * Add apache2 monit configuration to apache2.2-commons examples dir. Closes: #583127 * Build as PIE, since gdb in squeeze now supports it. * Update the postrm script to also purge the version of /var/www/index.html introduced in 2.2.11-7. * Bump Standards-Version (no changes). -- Chuck Short <zul...@ubuntu.com> Mon, 26 Jul 2010 20:21:37 +0100 ** Changed in: apache2 (Ubuntu) Status: Confirmed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-1452 -- client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23) https://bugs.launchpad.net/bugs/589611 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs