Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Ubuntu 18.04 LTS: USN-3783-1 Critical: Apache HTTP Server DoS

ubuntu
Calendar Grey October 3, 2018
Dist Ubuntu Esm H88
Ubuntu has issued a critical advisory USN-3783-1, outlining vulnerabilities in the Apache HTTP Server. An update is essential to mitigate potential risks!
Several security issues were fixed in the Apache HTTP Server.

Summary

Several security issues were fixed in the Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module

incorrectly destroyed certain streams. A remote attacker could possibly

use this issue to cause the server to crash, leading to a denial of

service. (CVE-2018-1302)

Craig Young discovered that the Apache HTTP Server HTTP/2 module

incorrectly handled certain requests. A remote attacker could possibly

use this issue to cause the server to consume resources, leading to a

denial of service. (CVE-2018-1333)

Gal Goldshtein discovered that the Apache HTTP Server HTTP/2 module

incorrectly handled large SETTINGS frames. A remote attacker could possibly

use this issue to cause the server to consume resources, leading to a

denial of service. (CVE-2018-11763)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  apache2-bin                     2.4.29-1ubuntu4.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3783-1

CVE-2018-11763, CVE-2018-1302, CVE-2018-1333

Severity
critical
Lowest
Low
Medium
High
Critical

October 03, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.