author: taca <taca> 2016-12-20 21:06:34 +0000
committer: taca <taca> 2016-12-20 21:06:34 +0000
commit: bc903fd8a7230ff69c7b55765a9002c433d5e47f (patch)
tree: 0dedb0a362cbb236942c6e2dbb65d54790cd42e3 /doc
parent: 2d6d9fbf1563b21e82c3605fde24aaf4526ee4a8 (diff)
download: pkgsrc-bc903fd8a7230ff69c7b55765a9002c433d5e47f.tar.gz

Update apache24 to 2.4.25 (Apache HTTPD 2.4.25). 2.4.24 was not released.

This release fixes several security problems, some of which are already handled in pkgsrc. Please refer to the CHANGES file for details.

*) SECURITY: CVE-2016-8740 (cve.mitre.org)
   mod_http2: Mitigate DoS memory exhaustion via endless CONTINUATION frames.
   [Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State University, Stefan Eissing]

*) SECURITY: CVE-2016-5387 (cve.mitre.org)
   core: Mitigate [f]cgi "httpoxy" issues.
   [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]

*) SECURITY: CVE-2016-2161 (cve.mitre.org)
   mod_auth_digest: Prevent segfaults during client entry allocation when the shared memory space is exhausted.
   [Maksim Malyutin <m.malyutin dsec.ru>, Eric Covener, Jacob Champion]

*) SECURITY: CVE-2016-0736 (cve.mitre.org)
   mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash) to prevent deciphering or tampering with a padding oracle attack.
   [Yann Ylavic, Colm MacCarthaigh]

*) SECURITY: CVE-2016-8743 (cve.mitre.org)
   Enforce HTTP request grammar corresponding to RFC7230 for request lines and request headers, to prevent response splitting and cache pollution by malicious clients or downstream proxies.
   [William Rowe, Stefan Fritsch]

Diffstat (limited to 'doc')
0 files changed, 0 insertions, 0 deletions