USN-1199-1: Apache vulnerability

1 September 2011

apache2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 8.04 LTS

Summary

A remote attacker could send crafted input to Apache and cause it to crash.

Software Description

  • apache2 - Apache HTTP server

Details

A flaw was discovered in the byterange filter in Apache. A remote attacker could exploit this to cause a denial of service via resource exhaustion.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04
apache2.2-bin - 2.2.17-1ubuntu1.2
Ubuntu 10.10
apache2.2-bin - 2.2.16-1ubuntu3.3
Ubuntu 10.04 LTS
apache2.2-bin - 2.2.14-5ubuntu8.6
Ubuntu 8.04 LTS
apache2-mpm-event - 2.2.8-1ubuntu0.21
apache2-mpm-perchild - 2.2.8-1ubuntu0.21
apache2-mpm-prefork - 2.2.8-1ubuntu0.21
apache2-mpm-worker - 2.2.8-1ubuntu0.21

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References