Ubuntu 5333-1: Apache HTTP Server vulnerabilities | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
==========================================================================
Ubuntu Security Notice USN-5333-1
March 17, 2022

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

Chamal De Silva discovered that the Apache HTTP Server mod_lua module
incorrectly handled certain crafted request bodies. A remote attacker could
possibly use this issue to cause the server to crash, resulting in a denial
of service. (CVE-2022-22719)

James Kettle discovered that the Apache HTTP Server incorrectly closed
inbound connection when certain errors are encountered. A remote attacker
could possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-22720)

It was discovered that the Apache HTTP Server incorrectly handled large
LimitXMLRequestBody settings on certain platforms. In certain
configurations, a remote attacker could use this issue to cause the server
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-22721)

Ronald Crane discovered that the Apache HTTP Server mod_sed module
incorrectly handled memory. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-23943)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  apache2                         2.4.48-3.1ubuntu3.3
  apache2-bin                     2.4.48-3.1ubuntu3.3

Ubuntu 20.04 LTS:
  apache2                         2.4.41-4ubuntu3.10
  apache2-bin                     2.4.41-4ubuntu3.10

Ubuntu 18.04 LTS:
  apache2                         2.4.29-1ubuntu4.22
  apache2-bin                     2.4.29-1ubuntu4.22

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5333-1
  CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943

Package Information:
  https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3
  https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10
  https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22

Ubuntu 5333-1: Apache HTTP Server vulnerabilities

March 17, 2022
Several security issues were fixed in Apache HTTP Server.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Apache HTTP Server. Software Description: - apache2: Apache HTTP server Details: Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2022-22719) James Kettle discovered that the Apache HTTP Server incorrectly closed inbound connection when certain errors are encountered. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-22720) It was discovered that the Apache HTTP Server incorrectly handled large LimitXMLRequestBody settings on certain platforms. In certain configurations, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22721) Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-23943)

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: apache2 2.4.48-3.1ubuntu3.3 apache2-bin 2.4.48-3.1ubuntu3.3 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.10 apache2-bin 2.4.41-4ubuntu3.10 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.22 apache2-bin 2.4.29-1ubuntu4.22 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5333-1

CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943

Severity
Ubuntu Security Notice USN-5333-1

Package Information

https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3 https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10 https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22

Related News

Google Discloses CentOS Linux Kernel Vulnerabilities Following Failure to Issue Timely Fixes

5 Best free to use Linux Server distributions for 2023

Kali Linux 2023.1 Introduces 'Purple' Distro for Defensive Security

Companies Can’t Stop Using Open Source

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy