apache2 2.2.22-1ubuntu1.3 source package in Ubuntu

Changelog

apache2 (2.2.22-1ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048
 -- Marc Deslauriers <email address hidden>   Fri, 08 Mar 2013 09:52:54 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
httpd
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
apache2_2.2.22.orig.tar.gz 6.9 MiB 74c1ffffefe1a502339b004ad6488fbd858eb425a05968cd67c05695dbc0fe7c
apache2_2.2.22-1ubuntu1.3.debian.tar.gz 213.5 KiB 1381ac1c66bb94033dcfd78a475d0aad896805c58740e864fd105d7350041d0c
apache2_2.2.22-1ubuntu1.3.dsc 3.0 KiB 57f7332dcb83a118ac968e7395286169c1c7e1992e9dcd14931193c9588ededc

View changes file

Binary packages built by this source

apache2: Apache HTTP Server metapackage

 The Apache Software Foundation's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 It features support for HTTPS, virtual hosting, CGI, SSI, IPv6, easy
 scripting and database integration, request/response filtering, many
 flexible authentication schemes, and more.

apache2-doc: Apache HTTP Server documentation

 This package provides the documentation for Apache 2. For more details
 see the apache2 package description.

apache2-mpm-event: Apache HTTP Server - event driven model

 Each Apache Multi-Processing Module provides a different "flavor" of
 web server binary, compiled with a different processing model.
 .
 The event MPM is designed to allow more requests to be served
 simultaneously by passing off some processing work to supporting
 threads, freeing up the main threads to work on new requests. It is
 especially suitable for sites that see extensive KeepAlive traffic.
 .
 This MPM is experimental and less tested than the worker and prefork MPMs.

apache2-mpm-itk: multiuser MPM for Apache 2.2

 The ITK Multi-Processing Module (MPM) works in about the same way as the
 classical "prefork" module (that is, without threads), except that it allows
 you to constrain each individual vhost to a particular system user. This
 allows you to run several different web sites on a single server without
 worrying that they will be able to read each others' files. This is a
 third-party MPM that is not included in the normal Apache httpd.
 .
 Please note that this MPM is somewhat less tested than the MPMs that come with
 Apache itself.

apache2-mpm-prefork: Apache HTTP Server - traditional non-threaded model

 Each Apache Multi-Processing Module provides a different "flavor" of
 web server binary, compiled with a different processing model.
 .
 The prefork MPM provides a non-threaded implementation using a variable
 number of processes where each process handles only one connection
 at the same time. It is not as fast as threaded models, but is considered to
 be more stable. It is appropriate for sites that need to maintain
 compatibility with non-thread-safe libraries, and is the best MPM for
 isolating each request, so that a problem with a single request will not
 affect any other.

apache2-mpm-worker: Apache HTTP Server - high speed threaded model

 Each Apache Multi-Processing Module provides a different "flavor" of
 web server binary, compiled with a different processing model.
 .
 The worker MPM provides the default threaded implementation. It is
 recommended especially for high-traffic sites because it is faster
 and has a smaller memory footprint than the traditional prefork MPM.

apache2-prefork-dev: Apache development headers - non-threaded MPM

 This package provides the development headers and apxs2 binary for
 apache2-mpm-prefork; see the apache2 package description for more details.
 .
 This should only be used when you absolutely *must* support a non-threaded
 environment (for PHP, for example).

apache2-suexec: Standard suexec program for Apache 2 mod_suexec

 Provides the standard suexec helper program for mod_suexec. This version is
 compiled with document root /var/www and userdir suffix public_html. If you
 need different settings, use the package apache2-suexec-custom.

apache2-suexec-custom: Configurable suexec program for Apache 2 mod_suexec

 Provides a customizable version of the suexec helper program for mod_suexec.
 This is not the version from upstream, but can be configured with a
 configuration file.
 .
 If you do not need non-standard document root or userdir settings, it is
 recommended that you use the standard suexec helper program from the
 apache2-suexec package instead.

apache2-threaded-dev: Apache development headers - threaded MPM

 This package provides the development headers and apxs2 binary for
 threaded versions of apache2; see the apache2 package description
 for more details.

apache2-utils: utility programs for webservers

 Provides some add-on programs useful for any webserver. These include:
  - ab (Apache benchmark tool)
  - logresolve (Resolve IP addresses to hostname in logfiles)
  - htpasswd (Manipulate basic authentication files)
  - htdigest (Manipulate digest authentication files)
  - dbmmanage (Manipulate basic authentication files in DBM format, using perl)
  - htdbm (Manipulate basic authentication files in DBM format, using APR)
  - rotatelogs (Periodically stop writing to a logfile and open a new one)
  - split-logfile (Split a single log including multiple vhosts)
  - checkgid (Checks whether the caller can setgid to the specified group)
  - check_forensic (Extract mod_log_forensic output from Apache log files)
  - httxt2dbm (Generate dbm files for use with RewriteMap)

apache2.2-bin: Apache HTTP Server common binary files

 The Apache Software Foundation's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package contains all binaries but no configuration or support scripts.
 To get a stand-alone server, you need to install one of the apache2-mpm-*
 packages, such as worker or prefork. Other packages like gnome-user-share
 may bring their own Apache configuration, though.

apache2.2-common: Apache HTTP Server common files

 The Apache Software Foundation's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 This package contains the configuration and support scripts.
 However, it does *not* include the server itself; for this you need to
 install one of the apache2-mpm-* packages, such as worker or prefork.