You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa apache2

Sigurnosni nedostaci programskog paketa apache2

==========================================================================
Ubuntu Security Notice USN-3783-1
October 03, 2018

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Apache HTTP Server.

Software Description:
– apache2: Apache HTTP server

Details:

Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module
incorrectly destroyed certain streams. A remote attacker could possibly
use this issue to cause the server to crash, leading to a denial of
service. (CVE-2018-1302)

Craig Young discovered that the Apache HTTP Server HTTP/2 module
incorrectly handled certain requests. A remote attacker could possibly
use this issue to cause the server to consume resources, leading to a
denial of service. (CVE-2018-1333)

Gal Goldshtein discovered that the Apache HTTP Server HTTP/2 module
incorrectly handled large SETTINGS frames. A remote attacker could possibly
use this issue to cause the server to consume resources, leading to a
denial of service. (CVE-2018-11763)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
apache2-bin 2.4.29-1ubuntu4.4

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3783-1
CVE-2018-11763, CVE-2018-1302, CVE-2018-1333

Package Information:
https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.4

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlu1JtkACgkQZWnYVadE
vpP4qA//brxQJVLIgecUTJYN7bfTgv5ibSDd1DKQnFaKtK2OhyHTu1vcUdUUPknZ
4jmDQ4oLB3IlFJY6eQypIn0fd6MI3qT3B9vzNFDd5AzJ+JUHj/nJt70URHbgEJVR
nRSJx6Y09yHNDSYzOQPnXQ8+D5yyxAIjsfCBVkQn7K0LJKl1We6tE1TszpuNIM8T
Lo6B1Px1HZU/fkmlQoqrB+uXLGCqkkpz2e2edBtEcT1/XD26NIIWEhZ8Nf+HtWgi
UclH78HumMBfkACgei2HTfetjkXdGEkD4b6KUPlfILGa3rZHvg0u3H39cQx0V80X
Jl6x5hmOV3GN6Ppdmlyo4zAAzQRLi4yDF+zdU2uZjT8jdyCncR+GXYRhqDZwf8Kq
2cGKJU0JdEggKwZgEH1Kiy/hbliuvBgxaGIh6zVnbLthPDozRW/goG12bq6wt8ZW
/HNJp7unwALImteEVX9FaSaoQMrYgyeF+XUgpuatDtzsOhJZhXEQsXpAJLDFnWHr
KlAzUsYh9GJwk+fvhib1QAdfFicsxGnW3EzZAjIWYoKjOQ5yjDNeUrX2Ag+PDOu6
GW3ukOl5SYq7k0zcngCZn4aDd9BJ9JC/N/YjwqbAbIHgs/10UTaNuNyCwTzXH1PK
spuTnKMHp5Dm2gdjlphKg68kuQVeibZ82MT79ElY//VT/W9nkdI=
=jnjY
—–END PGP SIGNATURE—–

Top
More in Preporuke
Ranjivost Cisco Digital Network Architecture Center proizvoda

Otkrivena je kritična ranjivost kod Cisco Digital Network Architecture Center proizvoda uzrokovana nesigurnom tvornički predefiniranom konfigurnacijom zahvaćenog sustava. Potencijalni udaljeni...

Close