1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • Apache HTTP Server vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, August 13, 2020 12:10:01
    apache2 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in Apache HTTP Server.

    Software Description

    * apache2 - Apache HTTP server

    Details

    Fabrice Perez discovered that the Apache mod_rewrite module
    incorrectly handled certain redirects. A remote attacker could
    possibly use this issue to perform redirects to an unexpected URL.
    (CVE-2020-1927)

    Chamal De Silva discovered that the Apache mod_proxy_ftp module
    incorrectly handled memory when proxying to a malicious FTP
    server. A remote attacker could possibly use this issue to obtain
    sensitive information. (CVE-2020-1934)

    Felix Wilhelm discovered that the HTTP/2 implementation in Apache
    did not properly handle certain Cache-Digest headers. A remote
    attacker could possibly use this issue to cause Apache to crash,
    resulting in a denial of service. This issue only affected Ubuntu
    18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-9490)

    Felix Wilhelm discovered that the Apache mod_proxy_uwsgi module
    incorrectly handled large headers. A remote attacker could use
    this issue to obtain sensitive information or possibly execute
    arbitrary code. This issue only affected Ubuntu 20.04 LTS.
    (CVE-2020-11984)

    Felix Wilhelm discovered that the HTTP/2 implementation in Apache
    did not properly handle certain logging statements. A remote
    attacker could possibly use this issue to cause Apache to crash,
    resulting in a denial of service. This issue only affected Ubuntu
    18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11993)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    apache2 - 2.4.41-4ubuntu3.1
    apache2-bin - 2.4.41-4ubuntu3.1
    libapache2-mod-proxy-uwsgi - 2.4.41-4ubuntu3.1

    Ubuntu 18.04 LTS
    apache2 - 2.4.29-1ubuntu4.14
    apache2-bin - 2.4.29-1ubuntu4.14

    Ubuntu 16.04 LTS
    apache2 - 2.4.18-2ubuntu3.17
    apache2-bin - 2.4.18-2ubuntu3.17

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-11984
    * CVE-2020-11993
    * CVE-2020-1927
    * CVE-2020-1934
    * CVE-2020-9490

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)