Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Ubuntu 12.04 LTS USN-2625-1 Critical: Apache HTTP Server Update

ubuntu
Calendar Grey June 2, 2015
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
Several security improvements have been made to the Apache HTTP Server.

Summary

Several security improvements have been made to the Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

As a security improvement, this update makes the following changes to

the Apache package in Ubuntu 12.04 LTS:

Added support for ECC keys and ECDH ciphers.

The SSLProtocol configuration directive now allows specifying the TLSv1.1

and TLSv1.2 protocols.

Ephemeral key handling has been improved, including allowing DH parameters

to be loaded from the SSL certificate file specified in SSLCertificateFile.

The export cipher suites are now disabled by default.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  apache2.2-bin                   2.2.22-1ubuntu1.9

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2625-1

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884, https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1400473

Severity
critical
Lowest
Low
Medium
High
Critical

June 02, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.