Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 21.04 USN-4994-1 Critical: Apache HTTP Server Denial of Service

ubuntu
Calendar Grey June 21, 2021
Dist Ubuntu Esm H88
Five vulnerabilities addressed in the Apache HTTP Server for Debian. Important patches released for impacted editions.
Several security issues were fixed in Apache HTTP Server.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

Marc Stern discovered that the Apache mod_proxy_http module incorrectly

handled certain requests. A remote attacker could possibly use this issue

to cause Apache to crash, resulting in a denial of service. This issue only

affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2020-13950)

Antonio Morales discovered that the Apache mod_auth_digest module

incorrectly handled certain Digest nonces. A remote attacker could possibly

use this issue to cause Apache to crash, resulting in a denial of service.

(CVE-2020-35452)

Antonio Morales discovered that the Apache mod_session module incorrectly

handled certain Cookie headers. A remote attacker could possibly use this

issue to cause Apache to crash, resulting in a denial of service.

(CVE-2021-26690)

Christophe Jaillet discovered that the Apache mod_session module

incorrectly handled...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  apache2                         2.4.46-4ubuntu1.1
  apache2-bin                     2.4.46-4ubuntu1.1

Ubuntu 20.10:
  apache2                         2.4.46-1ubuntu1.2
  apache2-bin                     2.4.46-1ubuntu1.2

Ubuntu 20.04 LTS:
  apache2                         2.4.41-4ubuntu3.3
  apache2-bin                     2.4.41-4ubuntu3.3

Ubuntu 18.04 LTS:
  apache2                         2.4.29-1ubuntu4.16
  apache2-bin                     2.4.29-1ubuntu4.16

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4994-1

CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691,

CVE-2021-30641

Severity
critical
Lowest
Low
Medium
High
Critical

June 21, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here