[apache2 0005284]: Security Fix for "httpoxy" CVE-2016-5387
Mantis Bug Tracker
noreply at opencsw.org
Fri Feb 10 14:35:50 CET 2017
A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=5284
======================================================================
Reported By: briandking
Assigned To: jh
======================================================================
Project: apache2
Issue ID: 5284
Category: upgrade
Reproducibility: always
Severity: minor
Priority: normal
Status: acknowledged
======================================================================
Date Submitted: 2016-09-26 17:19 CEST
Last Modified: 2017-02-10 14:35 CET
======================================================================
Summary: Security Fix for "httpoxy" CVE-2016-5387
Description:
Apache should be at version 2.2.32 to fix the latest known security issues
documented here: https://httpd.apache.org/security/vulnerabilities_22.html
In particular, 2.2.31 (currently the latest available on OpenCSW) is
vulnerable to "httpoxy" CVE-2016-5387:
https://www.apache.org/security/asf-httpoxy-response.txt
======================================================================
----------------------------------------------------------------------
(0011238) briandking (reporter) - 2017-02-10 14:35
https://www.opencsw.org/mantis/view.php?id=5284#c11238
----------------------------------------------------------------------
2.2.32 was released 2017-01-13
It is available here: https://httpd.apache.org/download.cgi#apache22
More information about the bug-notifications
mailing list