Several security issues were fixed in the Apache HTTP Server.
Software Description:
- apache2: Apache HTTP server
Details:
Charles Fol discovered that the Apache HTTP Server incorrectly handled the
scoreboard shared memory area. A remote attacker able to upload and run
scripts could possibly use this issue to execute arbitrary code with root
privileges. (CVE-2019-0211)
It was discovered that the Apache HTTP Server HTTP/2 module incorrectly
handled certain requests. A remote attacker could possibly use this issue
to cause the server to consume resources, leading to a denial of service.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10.
(CVE-2018-17189)
It was discovered that the Apache HTTP Server incorrectly handled session
expiry times. When used with mod_session_cookie, this may result in the
session expiry time to be ignored, contrary to expectations.
(CVE-2018-17199)
Craig Young discovered that the Apache HTTP Server HTTP/2 module
incorre...
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: apache2-bin 2.4.34-1ubuntu2.1 Ubuntu 18.04 LTS: apache2-bin 2.4.29-1ubuntu4.6 Ubuntu 16.04 LTS: apache2-bin 2.4.18-2ubuntu3.10 Ubuntu 14.04 LTS: apache2-bin 2.4.7-1ubuntu4.22 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-3937-1
CVE-2018-17189, CVE-2018-17199, CVE-2019-0196, CVE-2019-0211,
CVE-2019-0217, CVE-2019-0220
Get the latest Linux and open source security news straight to your inbox.