Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Ubuntu 12.04 ESM USN-3937-2 Critical: Apache Remote Access Risks

Calendar Apr 10, 2019 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service security issue access control remote access Ubuntu apache2
Several security issues were fixed in Apache. 
=========================================================================Ubuntu Security Notice USN-3937-2
April 10, 2019

apache2 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Apache.

Software Description:
- apache2: Apache HTTP server

Details:

USN-3937-1 and USN-3627-1 fixed several vulnerabilities in Apache.
This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Simon Kappel discovered that the Apache HTTP Server mod_auth_digest
 module incorrectly handled threads. A remote attacker with valid
 credentials could possibly use this issue to authenticate using
 another username, bypassing access control restrictions. 
 (CVE-2019-0217)

 Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server
 mod_authnz_ldap module incorrectly handled missing charset encoding
 headers. A remote attacker could possibly use this issue to cause the
 server to crash, resulting in a denial of service. (CVE-2017-15710)

 Robert Swiecki discovered that the Apache HTTP Server incorrectly
 handled certain requests. A remote attacker could possibly use this
 issue to cause the server to crash, leading to a denial of service.
 (CVE-2018-1301)

 Nicolas Daniels discovered that the Apache HTTP Server incorrectly
 generated the nonce when creating HTTP Digest authentication
 challenges. A remote attacker could possibly use this issue to replay
 HTTP requests across a cluster of servers.
 (CVE-2018-1312)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  apache2.2-bin                   2.2.22-1ubuntu1.15

In general, a standard system update will make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-3937-2
  https://ubuntu.com/security/notices/USN-3937-1
  CVE-2017-15710, CVE-2018-1301, CVE-2018-1312, CVE-2019-0217

Ubuntu 12.04 ESM USN-3937-2 Critical: Apache Remote Access Risks

ubuntu
Calendar Grey April 10, 2019
Dist Ubuntu Esm H88
Essential patch for Nginx on Ubuntu 16.04 ESM resolves numerous vulnerabilities. Ensure safety by performing the upgrade.
Several security issues were fixed in Apache.

Summary

Topics%20covered

Topics Covered

security advisory denial of service security issue access control remote access Ubuntu apache2

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM:   apache2.2-bin                   2.2.22-1ubuntu1.15 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3937-2

  https://ubuntu.com/security/notices/USN-3937-1

  CVE-2017-15710, CVE-2018-1301, CVE-2018-1312, CVE-2019-0217

Severity
critical
Lowest
Low
Medium
High
Critical

April 10, 2019

Topics%20covered

Topics Covered

security advisory denial of service security issue access control remote access Ubuntu apache2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here