Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 21.04 USN-5090-3 Moderate: Apache HTTP Server Regression Fix

ubuntu
Calendar Grey September 28, 2021
Dist Ubuntu Esm H88
Resolving the issue arising from USN-5090-1 in the Apache HTTP Server; features critical enhancements.
USN-5090-1 introduced a regression in Apache HTTP Server.

Summary

USN-5090-1 introduced a regression in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream

fixes introduced a regression in UDS URIs. This update fixes the problem.

Original advisory details:

James Kettle discovered that the Apache HTTP Server HTTP/2 module

incorrectly handled certain crafted methods. A remote attacker could

possibly use this issue to perform request splitting or cache poisoning

attacks. (CVE-2021-33193)

It was discovered that the Apache HTTP Server incorrectly handled certain

malformed requests. A remote attacker could possibly use this issue to

cause the server to crash, resulting in a denial of service.

(CVE-2021-34798)

Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly

handled certain request uri-paths. A remote attacker could possibly use

this issue to cause the server to crash, resulting in a de...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  apache2                         2.4.46-4ubuntu1.3
  apache2-bin                     2.4.46-4ubuntu1.3

Ubuntu 20.04 LTS:
  apache2                         2.4.41-4ubuntu3.6
  apache2-bin                     2.4.41-4ubuntu3.6

Ubuntu 18.04 LTS:
  apache2                         2.4.29-1ubuntu4.18
  apache2-bin                     2.4.29-1ubuntu4.18

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5090-3

https://ubuntu.com/security/notices/USN-5090-1

https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945311

Severity
important
Lowest
Low
Medium
High
Critical

September 28, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.