USN-177-1: Apache 2 vulnerabilities
Ubuntu Security Notice USN-177-1
7th September, 2005
apache2, libapache-mod-ssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Apache did not honour the "SSLVerifyClient require" directive within a
<Location> block if the surrounding <VirtualHost> block contained a
directive "SSLVerifyClient optional". This allowed clients to bypass
client certificate validation on servers with the above configuration.
Filip Sneppe discovered a Denial of Service vulnerability in the byte
range filter handler. By requesting certain large byte ranges, a
remote attacker could cause memory exhaustion in the server.
The updated libapache-mod-ssl also fixes two older Denial of Service
vulnerabilities: A format string error in the ssl_log() function which
could be exploited to crash the server (CAN-2004-0700), and a flaw in
the SSL cipher negotiation which could be exploited to terminate a
session (CAN-2004-0885). Please note that Apache 1.3 and
libapache-mod-ssl are not officially supported (they are in the
"universe" component of the Ubuntu archive).
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- Ubuntu 4.10:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.