Explore top 10 tips to secure your open-source projects now. Read More
×
USN-4113-1 introduced a regression in Apache.
Software Description:
- apache2: Apache HTTP server
Details:
USN-4113-1 fixed vulnerabilities in the Apache HTTP server.
Unfortunately, that update introduced a regression when proxying
balancer manager connections in some configurations. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Stefan Eissing discovered that the HTTP/2 implementation in Apache
did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in
some situations. A remote attacker could use this to cause a denial
of service (daemon crash). This issue only affected Ubuntu 18.04 LTS
and Ubuntu 19.04. (CVE-2019-0197)
Craig Young discovered that a memory overwrite error existed in
Apache when performing HTTP/2 very early pushes in some situations. A
remote attacker could use this to cause a denial of service (daemon
crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.
(CVE-2019-10081)
Craig...
The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: apache2 2.4.38-2ubuntu2.3 apache2-bin 2.4.38-2ubuntu2.3 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.11 apache2-bin 2.4.29-1ubuntu4.11 Ubuntu 16.04 LTS: apache2 2.4.18-2ubuntu3.13 apache2-bin 2.4.18-2ubuntu3.13 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4113-2
https://ubuntu.com/security/notices/USN-4113-1
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1842701
Get the latest Linux and open source security news straight to your inbox.