Ubuntu Security Notice 3370-2 - USN-3370-1 fixed a vulnerability in Apache HTTP Server. This update provides the corresponding update for Ubuntu 12.04 ESM. Robert Swiecki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial or service, or possibly obtain sensitive information. Various other issues were also addressed.
57839928399d0eabba39413dfc6608a0ecede2c901f1ddf577d8f96249ed719a
===========================================================================
Ubuntu Security Notice USN-3370-2
August 01, 2017
apache2 vulnerability
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Apache HTTP Server could be made to crash or leak sensitive information
if it received specially crafted network traffic.
Software Description:
- apache2: Apache HTTP server
Details:
USN-3370-1 fixed a vulnerability in Apache HTTP Server.
This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Robert Swiecki discovered that the Apache HTTP Server mod_auth_digest
module incorrectly cleared values when processing certain requests. A
remote attacker could use this issue to cause the server to crash,
resulting in a denial or service, or possibly obtain sensitive
information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
apache2.2-bin2.2.22-1ubuntu1.13
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3370-2
https://www.ubuntu.com/usn/usn-3370-1
CVE-2017-9788
--=-wn+gI3RoYRhyrGH54xlH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJZgMkhAAoJEEW851uECx9phdgQALIz3pSWWa9wCeNDoFT42rtY
iYJ6sPWWfo4Sc38u9GIregdfdDJY7G6tBo111gkEh6dMmuK7H6VGiJV8HiWyXf/t
hpe5bje9pUa3IJt39a77U8jaOHF7yXLvOglWtSPT3NcOnyW9n0LPlF8YjS3rHA5u
1WWC53uhMQB/XAZpC5ZpHMQ3LYNLdhYY++8qoSFrXd1xbL3I0QZ+Si7xRylGEr7M
rJcU8UKfNotreEM4IBm+PhUa97EsZ1NVpx9+K/3ZL8gKM3ZRA9j4NtUPvBC8EEKL
NjIxqdtbo09S3nPaapMOv4AK1W4XN2g24lAF2fCAMoq1A6Jwg6pmxgoJvy4Sb/89
B7YlkAjhk/yElgpS10iasRpQgy+LXW+qTrEqGSsBveysYS5rjny88LPVjT0Mzxyo
8nwgrjOFR0zYUMalB/BgEdi4yk+IZ/+WpjFOiWzXHXjRC0RJdg1VTnUhAG0G7w08
UWKXaQi2CzexPP28r9erWeBWB6JMHjC25/vEw7BXgJVwYIldG9x4VulfMXGLv2Gm
Es3BWYIvLsEH/XS4XM9Vz+6nSIHGWyKqioOON4o+Xfd0crNSJ1q2CqENohl6LW8S
4nyVN27eomI+4xAWEzDR3qXnIFmqOy09VLF9jdXSzQbMyfLHXos7KMlCXZU50YpB
yG9qmd3TkRL4vVyo3cdt
=GLsw
-----END PGP SIGNATURE-----
--=-wn+gI3RoYRhyrGH54xlH--
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed