USN-23-1: apache2 vulnerability

12 November 2004

apache2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

Chintan Trivedi discovered a Denial of Service vulnerability in apache2. The field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server to cause HTTP server instances to consume proportional amounts of memory, which can render the service unavailable.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
apache2-mpm-perchild
apache2-mpm-prefork
apache2-mpm-threadpool
apache2-mpm-worker

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References