==========================================================================
Ubuntu Security Notice USN-2686-1
July 27, 2015
apache2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 15.04
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in the Apache HTTP server.
Software Description:
– apache2: Apache HTTP server
Details:
It was discovered that the Apache HTTP Server incorrectly parsed chunk
headers. A remote attacker could possibly use this issue to perform HTTP
request smuggling attacks. (CVE-2015-3183)
It was discovered that the Apache HTTP Server incorrectly handled the
ap_some_auth_required API. A remote attacker could possibly use this issue
to bypass intended access restrictions. This issue only affected Ubuntu
14.04 LTS and Ubuntu 15.04. (CVE-2015-3185)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
apache2.2-bin 2.4.10-9ubuntu1.1
Ubuntu 14.04 LTS:
apache2.2-bin 2.4.7-1ubuntu4.5
Ubuntu 12.04 LTS:
apache2.2-bin 2.2.22-1ubuntu1.10
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2686-1
CVE-2015-3183, CVE-2015-3185
Package Information:
https://launchpad.net/ubuntu/+source/apache2/2.4.10-9ubuntu1.1
https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.5
https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.10
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJVtnEgAAoJEGVp2FWnRL6TLDQP/izUDoZluIVt490NmuHFTBeN
D64GSpjdL7wLRuzAnBxKLcXp7Nd9OIXiFp0HQkVzrrhKOtxBj6mKwjRRP6CrZ3ax
oQ2vUWhYgEFPZsovT9Yp37TwQfJGjVS9XaxYmcq6zaBaln1orAggqeUAHPzXFPX1
+ehsyjCrdBgsc6f+3Xyg8f2y1+ef3iU+v+nYwi4Rd2sjB0/49U0B3ljzqfaESdbJ
D3hErOZ8uwKts2hLNgT6N0lIpCFOoXGLE8Oy+os2NEz63+/fZ5MF8FbQZzRkOZaf
5AtDyWyz7niOGT6DGpICueJlh/g3DvPI/5YRTTrKYuNOJdQKNStmUcRH6jKstBY3
seTAzs+xn/HQV8kGO7Drv0QYPcjkZDU6pRUhZpb4olMGeHm/3ShalQmoGDdC4aGH
AoFbPASJO3L8QHbNxuMWosNpA4xMd3DRyosCa1ZuehCLfigo4gz5zpPJ8Ih6qDBR
moK5+FE6XA3D/kpdfTKuUcX4wq0mAC9dZj3a4ecwr5oKWCZSYMZN7EDRp6C0cYkm
avgTAW/JgotjfPDz0/U5KN5XxvlbhRUz59qwaiWRp+xUBvJZBPs8LOKtOTcWBhh8
vA6KcxG2SPA/tprkIJNEHn44MMjpMKeeiAW4I+KgJHw3cfuLnI/dxfuNY4aeolgW
yDZIZCXSRCrmiaCqy7od
=juYX
—–END PGP SIGNATURE—–
—