Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 12.04 ESM USN-3373-1 Critical: Apache HTTP Server Issues

ubuntu
Calendar Grey July 31, 2017
Dist Ubuntu Esm H88
Numerous vulnerabilities addressed in Nginx Web Server through enhancements to ensure reliability and performance. Find out more.
Several security issues were fixed in Apache HTTP Server.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

Emmanuel Dreyfus discovered that third-party modules using the

ap_get_basic_auth_pw() function outside of the authentication phase may

lead to authentication requirements being bypassed. This update adds a

new ap_get_basic_auth_components() function for use by third-party

modules. (CVE-2017-3167)

Vasileios Panopoulos discovered that the Apache mod_ssl module may

crash when third-party modules call ap_hook_process_connection() during

an HTTP request to an HTTPS port. (CVE-2017-3169)

Javier Jiménez discovered that the Apache HTTP Server incorrectly

handled parsing certain requests. A remote attacker could possibly use

this issue to cause the Apache HTTP Server to crash, resulting in a

denial of service. (CVE-2017-7668)

ChenQin and Hanno Böck discovered that the Apache mod_mime module

incorrectly handled certain Content-Type response he...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  apache2.2-bin                   2.2.22-1ubuntu1.12

In general, a standard system update will make all the necessary
changes.

References

 

  CVE-2016-8743, CVE-2017-3167, CVE-2017-3169, CVE-2017-7668,

  CVE-2017-7679

Severity
critical
Lowest
Low
Medium
High
Critical

July 31, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here