Ubuntu 21.04 USN-5090-1 Severe: Apache HTTP Server Denial of Service
Sep 27, 2021
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
Several security issues were fixed in Apache HTTP Server.
=========================================================================Ubuntu Security Notice USN-5090-1 September 27, 2021 apache2 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Apache HTTP Server. Software Description: - apache2: Apache HTTP server Details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-33193) It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-36160) It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: apache2 2.4.46-4ubuntu1.2 apache2-bin 2.4.46-4ubuntu1.2 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.5 apache2-bin 2.4.41-4ubuntu3.5 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.17 apache2-bin 2.4.29-1ubuntu4.17 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5090-1 CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438 Package Information: https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2 https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5 https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17
PREVIOUS
NEXT
Ubuntu 21.04 USN-5090-1 Severe: Apache HTTP Server Denial of Service
ubuntu
September 27, 2021
Several security issues were fixed in Apache HTTP Server.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: apache2 2.4.46-4ubuntu1.2 apache2-bin 2.4.46-4ubuntu1.2 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.5 apache2-bin 2.4.41-4ubuntu3.5 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.17 apache2-bin 2.4.29-1ubuntu4.17 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-5090-1
CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275,
CVE-2021-40438
Severity
critical
Lowest
Low
Medium
High
Critical
September 27, 2021
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2 https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5 https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!