Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 16.04 ESM USN-5090-4 Critical: Apache HTTP Server Regression Fix

ubuntu
Calendar Grey September 28, 2021
Dist Ubuntu Esm H88
Nginx experienced a vulnerability in Debian 9 that compromises user data and necessitates an immediate patch for resolution.
USN-5090-1 introduced a regression in Apache HTTP Server.

Summary

USN-5090-1 introduced a regression in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream

fixes introduced a regression in UDS URIs. This update fixes the problem.

Original advisory details:

James Kettle discovered that the Apache HTTP Server HTTP/2 module

incorrectly handled certain crafted methods. A remote attacker could

possibly use this issue to perform request splitting or cache poisoning

attacks. (CVE-2021-33193)

It was discovered that the Apache HTTP Server incorrectly handled certain

malformed requests. A remote attacker could possibly use this issue to

cause the server to crash, resulting in a denial of service.

(CVE-2021-34798)

Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly

handled certain request uri-paths. A remote attacker could possibly use

this issue to cause the server to crash, resulting in ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  apache2                         2.4.18-2ubuntu3.17+esm3
  apache2-bin                     2.4.18-2ubuntu3.17+esm3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5090-4

https://ubuntu.com/security/notices/USN-5090-1

Severity
critical
Lowest
Low
Medium
High
Critical

September 28, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.