USN-4307-1: Apache HTTP Server update

18 March 2020

apache2 update

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS

Summary

TLSv1.3 support has been enabled in Apache HTTP Server in Ubuntu 18.04 LTS.

Software Description

  • apache2 - Apache HTTP server

Details

As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS.

TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
apache2-bin - 2.4.29-1ubuntu4.13

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References