Security: Multiple issues in Apache
Name: Multiple issues in Apache
ID: USN-3627-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.10
Date: Thu, 19 April 2018, 22:28
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303
Applications: Apache
Original message
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <7a5f5e05-6822-270f-2ab5-83c33cba3a14@canonical.com>
Subject: [USN-3627-1] Apache HTTP Server vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3627-1
April 19, 2018
apache2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Apache HTTP Server.
Software Description:
- apache2: Apache HTTP server
Details:
Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710)
Elar Lang discovered that the Apache HTTP Server incorrectly handled certain characters specified in <FilesMatch>. A remote attacker could possibly use this issue to upload certain files, contrary to expectations. (CVE-2017-15715)
It was discovered that the Apache HTTP Server mod_session module incorrectly handled certain headers. A remote attacker could possibly use this issue to influence session data. (CVE-2018-1283)
Robert Swiecki discovered that the Apache HTTP Server incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1301)
Robert Swiecki discovered that the Apache HTTP Server mod_cache_socache module incorrectly handled certain headers. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1303)
Nicolas Daniels discovered that the Apache HTTP Server incorrectly generated the nonce when creating HTTP Digest authentication challenges. A remote attacker could possibly use this issue to replay HTTP requests across a cluster of servers. (CVE-2018-1312)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: apache2-bin 2.4.27-2ubuntu4.1
Ubuntu 16.04 LTS: apache2-bin 2.4.18-2ubuntu3.8
Ubuntu 14.04 LTS: apache2-bin 2.4.7-1ubuntu4.20
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3627-1
CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1303, CVE-2018-1312
Package Information:
https://launchpad.net/ubuntu/+source/apache2/2.4.27-2ubuntu4.1
https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.8
https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.20