[Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State
University, Stefan Eissing]
- *) SECURITY: CVE-2016-5387 (cve.mitre.org)
- core: Mitigate [f]cgi "httpoxy" issues.
- [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
-
*) SECURITY: CVE-2016-2161 (cve.mitre.org)
mod_auth_digest: Prevent segfaults during client entry allocation when
the shared memory space is exhausted.
pollution by malicious clients, upstream servers or faulty modules.
[Stefan Fritsch, Eric Covener, Yann Ylavic]
+ *) core: Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues.
+ [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
+
*) mod_rewrite: Limit runaway memory use by short circuiting some kinds of
looping RewriteRules when the local path significantly exceeds
LimitRequestLine. PR 60478. [Jeff Wheelhouse <apache wheelhouse.org>]