USN-3783-1: Apache HTTP Server vulnerabilities

  • USN-3783-1: Apache HTTP Server vulnerabilities

    Ubuntu Security Notices wrote:

    apache2 vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 18.04 LTS

    Summary

    Several security issues were fixed in the Apache HTTP Server.

    Software Description

    • apache2 - Apache HTTP server

    Details

    Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1302)

    Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. (CVE-2018-1333)

    Gal Goldshtein discovered that the Apache HTTP Server HTTP/2 module incorrectly handled large SETTINGS frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. (CVE-2018-11763)

    Update instructions

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 18.04 LTS
    apache2-bin - 2.4.29-1ubuntu4.4

    To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary changes.

    References

    Source: usn.ubuntu.com/3783-1/