[apache2 0005284]: Security Fix for "httpoxy" CVE-2016-5387

Mantis Bug Tracker noreply at opencsw.org
Fri Feb 10 14:35:50 CET 2017


A NOTE has been added to this issue. 
====================================================================== 
https://www.opencsw.org/mantis/view.php?id=5284 
====================================================================== 
Reported By:                briandking
Assigned To:                jh
====================================================================== 
Project:                    apache2
Issue ID:                   5284
Category:                   upgrade
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     acknowledged
====================================================================== 
Date Submitted:             2016-09-26 17:19 CEST
Last Modified:              2017-02-10 14:35 CET
====================================================================== 
Summary:                    Security Fix for "httpoxy" CVE-2016-5387
Description: 
Apache should be at version 2.2.32 to fix the latest known security issues
documented here: https://httpd.apache.org/security/vulnerabilities_22.html

In particular, 2.2.31 (currently the latest available on OpenCSW) is
vulnerable to "httpoxy" CVE-2016-5387:
https://www.apache.org/security/asf-httpoxy-response.txt

====================================================================== 

---------------------------------------------------------------------- 
 (0011238) briandking (reporter) - 2017-02-10 14:35
 https://www.opencsw.org/mantis/view.php?id=5284#c11238 
---------------------------------------------------------------------- 
2.2.32 was released 2017-01-13

It is available here: https://httpd.apache.org/download.cgi#apache22



More information about the bug-notifications mailing list