I'll check again tomorrow, and also let the secteam in on this bug On Tue, Sep 4, 2018, 18:40 Andreas Hasenack <andr...@canonical.com> wrote:
> Are you sure you are in ubuntu 14.04.5? Trusty's latest apache2 is > 2.4.7-1ubuntu4.20 > > I assume you meant xenial, which does have 2.4.18-2ubuntu3.8 in security > but has 3.9 in updates. > > 3.8 has security fixes around "nonce generation": > > * SECURITY UPDATE: insecure nonce generation > - debian/patches/CVE-2018-1312.patch: actually use the secret when > generating nonces in modules/aaa/mod_auth_digest.c. > - CVE-2018-1312 > > > ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1312 > > -- > You received this bug notification because you are a member of Ubuntu > Server, which is subscribed to apache2 in Ubuntu. > https://bugs.launchpad.net/bugs/1790430 > > Title: > None issues with auth_digest when running behind an reverse proxy > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1790430/+subscriptions > > -- > Ubuntu-server-bugs mailing list > Ubuntu-server-bugs@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs > -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1790430 Title: None issues with auth_digest when running behind an reverse proxy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1790430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
