
Ubuntu 20.04 LTS Apache HTTP Server Advisory: USN-4458-1 Critical Issues

August 13, 2020
Solutions for different apache2 vulnerabilities impacting Ubuntu releases from 16.04 through 20.04 LTS. Upgrade your systems immediately to maintain security!

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

Fabrice Perez discovered that the Apache mod_rewrite module incorrectly
handled certain redirects. A remote attacker could possibly use this issue
to perform redirects to an unexpected URL. (CVE-2020-1927)

Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly
handled memory when proxying to a malicious FTP server. A remote attacker
could possibly use this issue to obtain sensitive information.
(CVE-2020-1934)

Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not
properly handle certain Cache-Digest headers. A remote attacker could
possibly use this issue to cause Apache to crash, resulting in a denial of
service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-9490)

Felix Wilhelm discovered that the Apache mod_proxy_uwsgi module incorrectly
handled large headers. A rem...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  apache2                         2.4.41-4ubuntu3.1
  apache2-bin                     2.4.41-4ubuntu3.1
  libapache2-mod-proxy-uwsgi      2.4.41-4ubuntu3.1

Ubuntu 18.04 LTS:
  apache2                         2.4.29-1ubuntu4.14
  apache2-bin                     2.4.29-1ubuntu4.14

Ubuntu 16.04 LTS:
  apache2                         2.4.18-2ubuntu3.17
  apache2-bin                     2.4.18-2ubuntu3.17

In general, a standard system update will make all the necessary changes.
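To confirm that a host actually carries the fixed builds, the check below compares installed versions against the table above using Debian version ordering. It is an added example, not part of the advisory; the function names and the sample `dpkg-query` lines are constructed for illustration.

```python
import re

# Fixed versions from the advisory's update table, keyed by Ubuntu release.
FIXED = {
    "20.04": {"apache2": "2.4.41-4ubuntu3.1", "apache2-bin": "2.4.41-4ubuntu3.1",
              "libapache2-mod-proxy-uwsgi": "2.4.41-4ubuntu3.1"},
    "18.04": {"apache2": "2.4.29-1ubuntu4.14", "apache2-bin": "2.4.29-1ubuntu4.14"},
    "16.04": {"apache2": "2.4.18-2ubuntu3.17", "apache2-bin": "2.4.18-2ubuntu3.17"},
}

def _order(ch):
    # dpkg ordering: '~' sorts before end of string (0), letters before symbols.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _part_key(part):
    # Split into alternating non-digit / digit runs; digit runs compare as
    # integers, non-digit runs character by character with a 0 end marker.
    return [(tuple(map(_order, text)) + (0,), int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def version_key(version):
    """Sort key reproducing Debian ordering: epoch, upstream, revision."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "0")
    return int(epoch), _part_key(upstream), _part_key(revision)

def is_patched(installed, fixed):
    return version_key(installed) >= version_key(fixed)

def audit(release, dpkg_lines):
    # Map each advisory package present in dpkg_lines to 'ok' or the fix needed.
    report = {}
    for line in dpkg_lines:
        pkg, _, installed = line.strip().partition("\t")
        fixed = FIXED[release].get(pkg)
        if fixed:
            report[pkg] = "ok" if is_patched(installed, fixed) else f"upgrade to {fixed}"
    return report

# Constructed sample in the format of
# dpkg-query -W -f='${Package}\t${Version}\n' on a 20.04 host.
SAMPLE = ["apache2\t2.4.41-4ubuntu3\n", "apache2-bin\t2.4.41-4ubuntu3.1\n",
          "libapache2-mod-proxy-uwsgi\t2.4.41-4ubuntu3.3\n", "openssl\t1.1.1f-1ubuntu2\n"]

if __name__ == "__main__":
    for pkg, status in audit("20.04", SAMPLE).items():
        print(f"{pkg}: {status}")
```

A plain string comparison would rank `2.4.29-1ubuntu4.9` above `2.4.29-1ubuntu4.14` and report an unpatched 18.04 host as fixed, which is why the revision is compared run by run.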

References

https://ubuntu.com/security/notices/USN-4458-1

CVE-2020-11984, CVE-2020-11993, CVE-2020-1927, CVE-2020-1934, CVE-2020-9490

Severity
critical
