You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa apache2

Sigurnosni nedostaci programskog paketa apache2

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2686-1
July 27, 2015

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.04
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the Apache HTTP server.

Software Description:
– apache2: Apache HTTP server

Details:

It was discovered that the Apache HTTP Server incorrectly parsed chunk
headers. A remote attacker could possibly use this issue to perform HTTP
request smuggling attacks. (CVE-2015-3183)

It was discovered that the Apache HTTP Server incorrectly handled the
ap_some_auth_required API. A remote attacker could possibly use this issue
to bypass intended access restrictions. This issue only affected Ubuntu
14.04 LTS and Ubuntu 15.04. (CVE-2015-3185)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
apache2.2-bin 2.4.10-9ubuntu1.1

Ubuntu 14.04 LTS:
apache2.2-bin 2.4.7-1ubuntu4.5

Ubuntu 12.04 LTS:
apache2.2-bin 2.2.22-1ubuntu1.10

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2686-1
CVE-2015-3183, CVE-2015-3185

Package Information:
https://launchpad.net/ubuntu/+source/apache2/2.4.10-9ubuntu1.1
https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.5
https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.10

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJVtnEgAAoJEGVp2FWnRL6TLDQP/izUDoZluIVt490NmuHFTBeN
D64GSpjdL7wLRuzAnBxKLcXp7Nd9OIXiFp0HQkVzrrhKOtxBj6mKwjRRP6CrZ3ax
oQ2vUWhYgEFPZsovT9Yp37TwQfJGjVS9XaxYmcq6zaBaln1orAggqeUAHPzXFPX1
+ehsyjCrdBgsc6f+3Xyg8f2y1+ef3iU+v+nYwi4Rd2sjB0/49U0B3ljzqfaESdbJ
D3hErOZ8uwKts2hLNgT6N0lIpCFOoXGLE8Oy+os2NEz63+/fZ5MF8FbQZzRkOZaf
5AtDyWyz7niOGT6DGpICueJlh/g3DvPI/5YRTTrKYuNOJdQKNStmUcRH6jKstBY3
seTAzs+xn/HQV8kGO7Drv0QYPcjkZDU6pRUhZpb4olMGeHm/3ShalQmoGDdC4aGH
AoFbPASJO3L8QHbNxuMWosNpA4xMd3DRyosCa1ZuehCLfigo4gz5zpPJ8Ih6qDBR
moK5+FE6XA3D/kpdfTKuUcX4wq0mAC9dZj3a4ecwr5oKWCZSYMZN7EDRp6C0cYkm
avgTAW/JgotjfPDz0/U5KN5XxvlbhRUz59qwaiWRp+xUBvJZBPs8LOKtOTcWBhh8
vA6KcxG2SPA/tprkIJNEHn44MMjpMKeeiAW4I+KgJHw3cfuLnI/dxfuNY4aeolgW
yDZIZCXSRCrmiaCqy7od
=juYX
—–END PGP SIGNATURE—–

AutorMarko Stanec
Cert idNCERT-REF-2015-07-0012-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa clutter

Otkriven je sigurnosni nedostatak u programskom paketu clutter za operacijski sustav Red Hat. Otkriveni nedostatak potencijalnim napadačima s fizičkim pristupom...

Close