Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 16.04 ESM: USN-5333-2 Critical Apache HTTP Server Issues

ubuntu
Calendar Grey March 17, 2022
Dist Ubuntu Esm H88
Upgrade your Ubuntu installations to mitigate Apache HTTP Server weaknesses disclosed on March 17, 2022, to enhance security.
Several security issues were fixed in Apache HTTP Server.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

USN-5333-1 fixed several vulnerabilities in Apache. This update provides

the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Chamal De Silva discovered that the Apache HTTP Server mod_lua module

incorrectly handled certain crafted request bodies. A remote attacker could

possibly use this issue to cause the server to crash, resulting in a denial

of service. (CVE-2022-22719)

James Kettle discovered that the Apache HTTP Server incorrectly closed

inbound connection when certain errors are encountered. A remote attacker

could possibly use this issue to perform an HTTP Request Smuggling attack.

(CVE-2022-22720)

It was discovered that the Apache HTTP Server incorrectly handled large

LimitXMLRequestBody settings on certain platforms. In certain

configurations, a remote attacker could use this issue to cause the s...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  apache2                         2.4.18-2ubuntu3.17+esm5
  apache2-bin                     2.4.18-2ubuntu3.17+esm5

Ubuntu 14.04 ESM:
  apache2                         2.4.7-1ubuntu4.22+esm4
  apache2-bin                     2.4.7-1ubuntu4.22+esm4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5333-2

https://ubuntu.com/security/notices/USN-5333-1

CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943

Severity
critical
Lowest
Low
Medium
High
Critical

March 17, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.