What Are You Looking For?

Sign Up
=========================================================================Ubuntu Security Notice USN-5333-1
March 17, 2022

apache2 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

Chamal De Silva discovered that the Apache HTTP Server mod_lua module
incorrectly handled certain crafted request bodies. A remote attacker could
possibly use this issue to cause the server to crash, resulting in a denial
of service. (CVE-2022-22719)

James Kettle discovered that the Apache HTTP Server incorrectly closed
inbound connection when certain errors are encountered. A remote attacker
could possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-22720)

It was discovered that the Apache HTTP Server incorrectly handled large
LimitXMLRequestBody settings on certain platforms. In certain
configurations, a remote attacker could use this issue to cause the server
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-22721)

Ronald Crane discovered that the Apache HTTP Server mod_sed module
incorrectly handled memory. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-23943)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  apache2                         2.4.48-3.1ubuntu3.3
  apache2-bin                     2.4.48-3.1ubuntu3.3

Ubuntu 20.04 LTS:
  apache2                         2.4.41-4ubuntu3.10
  apache2-bin                     2.4.41-4ubuntu3.10

Ubuntu 18.04 LTS:
  apache2                         2.4.29-1ubuntu4.22
  apache2-bin                     2.4.29-1ubuntu4.22

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5333-1
  CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943

Package Information:
  https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3
  https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10
  https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22

Ubuntu 5333-1: Apache HTTP Server vulnerabilities

March 17, 2022
Several security issues were fixed in Apache HTTP Server.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: apache2 2.4.48-3.1ubuntu3.3 apache2-bin 2.4.48-3.1ubuntu3.3 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.10 apache2-bin 2.4.41-4ubuntu3.10 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.22 apache2-bin 2.4.29-1ubuntu4.22 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5333-1

CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943

Severity
March 17, 2022

Package Information

https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3 https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10 https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22

Related News

From Heartbleed to Now: Evolving Threats in OpenSSL and How to Guard Against Them

Nov 17, 2023

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo