This update for apache2 fixes the following security issues: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks . - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS . - CVE-2016-8743: Added new directive HttpProtocolOptions Strict to avoid proxy chain misinterpretation . Bugfixes: - Add missing copy of hcuri and hcexpr from the worker to the health check worker .