Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 21.10, 20.04, 18.04: USN-5333-1 Critical Apache Issue

ubuntu
Calendar Grey March 17, 2022
Dist Ubuntu Esm H88
Ubuntu has addressed various security vulnerabilities in the Apache HTTP Server through several updates, providing enhanced safeguarding.
Several security issues were fixed in Apache HTTP Server.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

Chamal De Silva discovered that the Apache HTTP Server mod_lua module

incorrectly handled certain crafted request bodies. A remote attacker could

possibly use this issue to cause the server to crash, resulting in a denial

of service. (CVE-2022-22719)

James Kettle discovered that the Apache HTTP Server incorrectly closed

inbound connection when certain errors are encountered. A remote attacker

could possibly use this issue to perform an HTTP Request Smuggling attack.

(CVE-2022-22720)

It was discovered that the Apache HTTP Server incorrectly handled large

LimitXMLRequestBody settings on certain platforms. In certain

configurations, a remote attacker could use this issue to cause the server

to crash, resulting in a denial of service, or possibly execute arbitrary

code. (CVE-2022-22721)

Ronald Crane discovered that the Apache HTTP Server m...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  apache2                         2.4.48-3.1ubuntu3.3
  apache2-bin                     2.4.48-3.1ubuntu3.3

Ubuntu 20.04 LTS:
  apache2                         2.4.41-4ubuntu3.10
  apache2-bin                     2.4.41-4ubuntu3.10

Ubuntu 18.04 LTS:
  apache2                         2.4.29-1ubuntu4.22
  apache2-bin                     2.4.29-1ubuntu4.22

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5333-1

CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943

Severity
critical
Lowest
Low
Medium
High
Critical

March 17, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.