Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 16.04 ESM: 4994-2 Moderate: Apache Denial of Service

ubuntu
Calendar Grey June 21, 2021
Dist Ubuntu Esm H88
This notification provides information about the latest patches for Ubuntu ESM distributions within Nginx to address multiple vulnerabilities and improve system safety.
Several security issues were fixed in Apache HTTP Server.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

USN-4994-1 fixed several vulnerabilities in Apache. This update provides

the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Antonio Morales discovered that the Apache mod_auth_digest module

incorrectly handled certain Digest nonces. A remote attacker could possibly

use this issue to cause Apache to crash, resulting in a denial of service.

(CVE-2020-35452)

Antonio Morales discovered that the Apache mod_session module incorrectly

handled certain Cookie headers. A remote attacker could possibly use this

issue to cause Apache to crash, resulting in a denial of service.

(CVE-2021-26690)

Christophe Jaillet discovered that the Apache mod_session module

incorrectly handled certain SessionHeader values. A remote attacker could

use this issue to cause Apache to crash, resulting in a denial of service,

or possibly...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  apache2                         2.4.18-2ubuntu3.17+esm1
  apache2-bin                     2.4.18-2ubuntu3.17+esm1

Ubuntu 14.04 ESM:
  apache2                         2.4.7-1ubuntu4.22+esm1
  apache2-bin                     2.4.7-1ubuntu4.22+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4994-1

CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641

June 21, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here