This bug was fixed in the package apache2 - 2.2.17-1ubuntu1.4 --------------- apache2 (2.2.17-1ubuntu1.4) natty-security; urgency=low
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740) - debian/patches/212_CVE-2011-3368.dpatch: return 400 on invalid requests. (patch courtesy of Michael Jeanson) - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http 0.9 protocol - CVE-2011-3368 * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674) - debian/patches/213_CVE-2011-3348.dpatch: return HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested - CVE-2011-3348 * SECURITY UPDATE: mpm-itk failure to drop privileges in certain configurations - debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge configurations correctly - CVE-2011-1176 * Include additional fixes for regressions introduced by CVE-2011-3192 fixes - debian/patches/084_CVE-2011-3192_regression_part2.dpatch: take upstream fixes for byterange_filter.c through the 2.2.21 release except for the added MaxRanges configuration option along with a fix staged for 2.2.22. -- Steve Beattie <sbeat...@ubuntu.com> Wed, 02 Nov 2011 17:21:04 -0700 ** Changed in: apache2 (Ubuntu Maverick) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/877740 Title: CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/877740/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs