[USN-4113-2] Apache HTTP Server regression

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[USN-4113-2] Apache HTTP Server regression

Steve Beattie
==========================================================================
Ubuntu Security Notice USN-4113-2
September 17, 2019

apache2 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-4113-1 introduced a regression in Apache.

Software Description:
- apache2: Apache HTTP server

Details:

USN-4113-1 fixed vulnerabilities in the Apache HTTP server.
Unfortunately, that update introduced a regression when proxying
balancer manager connections in some configurations. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Stefan Eissing discovered that the HTTP/2 implementation in Apache
 did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in
 some situations. A remote attacker could use this to cause a denial
 of service (daemon crash). This issue only affected Ubuntu 18.04 LTS
 and Ubuntu 19.04. (CVE-2019-0197)

 Craig Young discovered that a memory overwrite error existed in
 Apache when performing HTTP/2 very early pushes in some situations. A
 remote attacker could use this to cause a denial of service (daemon
 crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.
 (CVE-2019-10081)

 Craig Young discovered that a read-after-free error existed in the
 HTTP/2 implementation in Apache during connection shutdown. A remote
 attacker could use this to possibly cause a denial of service (daemon
 crash) or possibly expose sensitive information. This issue only
 affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)

 Matei Badanoiu discovered that the mod_proxy component of
 Apache did not properly filter URLs when reporting errors in some
 configurations. A remote attacker could possibly use this issue to
 conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)

 Daniel McCarney discovered that mod_remoteip component of Apache
 contained a stack buffer overflow when parsing headers from a trusted
 intermediary proxy in some situations. A remote attacker controlling a
 trusted proxy could use this to cause a denial of service or possibly
 execute arbitrary code. This issue only affected Ubuntu 19.04.
 (CVE-2019-10097)

 Yukitsugu Sasaki discovered that the mod_rewrite component in Apache
 was vulnerable to open redirects in some situations. A remote attacker
 could use this to possibly expose sensitive information or bypass
 intended restrictions. (CVE-2019-10098)

 Jonathan Looney discovered that the HTTP/2 implementation in Apache did
 not properly limit the amount of buffering for client connections in
 some situations. A remote attacker could use this to cause a denial
 of service (unresponsive daemon). This issue only affected Ubuntu
 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  apache2                         2.4.38-2ubuntu2.3
  apache2-bin                     2.4.38-2ubuntu2.3

Ubuntu 18.04 LTS:
  apache2                         2.4.29-1ubuntu4.11
  apache2-bin                     2.4.29-1ubuntu4.11

Ubuntu 16.04 LTS:
  apache2                         2.4.18-2ubuntu3.13
  apache2-bin                     2.4.18-2ubuntu3.13

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4113-2
  https://usn.ubuntu.com/4113-1
  https://launchpad.net/bugs/1842701

Package Information:
  https://launchpad.net/ubuntu/+source/apache2/2.4.38-2ubuntu2.3
  https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.11
  https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.13


--
ubuntu-security-announce mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

signature.asc (849 bytes) Download Attachment