drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Apache (Aktualisierung)
Name: |
Mehrere Probleme in Apache (Aktualisierung) |
|
ID: |
USN-3937-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 ESM |
|
Datum: |
Mi, 10. April 2019, 16:47 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710 |
|
Applikationen: |
Apache |
|
Update von: |
Mehrere Probleme in Apache |
|
Originalnachricht |
--===============6701746318125065402== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-OxF52fpB+leyoOWbAUgE"
--=-OxF52fpB+leyoOWbAUgE Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3937-2 April 10, 2019
apache2 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Apache.
Software Description: - apache2: Apache HTTP server
Details:
USN-3937-1 and USN-3627-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. (CVE-2019-0217)
Alex Nichols and Jakob Hirsch discovered that the Apache HTTP Server mod_authnz_ldap module incorrectly handled missing charset encoding headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-15710)
Robert Swiecki discovered that the Apache HTTP Server incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1301)
Nicolas Daniels discovered that the Apache HTTP Server incorrectly generated the nonce when creating HTTP Digest authentication challenges. A remote attacker could possibly use this issue to replay HTTP requests across a cluster of servers. (CVE-2018-1312)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: apache2.2-bin 2.2.22-1ubuntu1.15
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3937-2 https://usn.ubuntu.com/usn/usn-3937-1 CVE-2017-15710, CVE-2018-1301, CVE-2018-1312, CVE-2019-0217 --=-OxF52fpB+leyoOWbAUgE Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAABCAAGBQJcrfUMAAoJEEW851uECx9pE1cQAIoaRw1Cv5a/HqY3LMp04Cxd 5ToJh5/loIko9E0CDcoDBm9h+VwAUJKliRiaMrlTHiaDEXQ6dYE/9/giG/W5/NZc CYsHHD4tlZhFwDREMZAPkvl2ATOzIMVDYDUWpe8HWmrLdJTveIZrFhKhe4gq5wyK kAnDtIrKN34Rkx5Ktr7mw8Y24OLm8uEcXhQjaGVN20LITk41TbMKSPl5MjL5f5ZH CJQr2zhuC7u5fap89J3E/NEJVX79sq0XnblMjxnoSAI934NDnVuA+bS38ALBK+l1 JWgRvKKKh0m6FtEFiUr3Qoxn8jQRfYrc2E76/1ZHstMkHaaBskx5D4fLBDILpj52 40yR2wrhAHujjgFhdWk+brCOfR6alQBPEtdnARiqmCTLjw/jiW0AzBegocuQtxQm YQA3z5Nl8H81VH4JxyTC0NMZiaBs4Uc4HK5NXnvCvtfgI4smYMiR2KxipyLwFbFl xAd7Hk/rDVQXfBYjapk8jFGeqP85gyb2V38DZiN19KiS06cY5m7A8Hyi1TLaaPyR 63vO93u/v7c1TAMVHZJ0fc+wxxnJHatKGY44SoHQ9f49hQcHRZqcz0V/16XYlx7D AMInVzuXPqwMGgGkFICcfTuKb1jEtihuMrmrWzsysdwH9yd+DH1QHikl7PHHOOXS 3YIdLaUio9LB4K3PnE17 =CZE3 -----END PGP SIGNATURE-----
--=-OxF52fpB+leyoOWbAUgE--
--===============6701746318125065402== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============6701746318125065402==--
|
|
|
|