[USN-5333-2] Apache HTTP Server vulnerabilities
Leonidas S. Barbosa
leo.barbosa at canonical.com
Thu Mar 17 19:53:33 UTC 2022
Ubuntu Security Notice USN-5333-2
March 17, 2022
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Several security issues were fixed in Apache HTTP Server.
- apache2: Apache HTTP server
USN-5333-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Chamal De Silva discovered that the Apache HTTP Server mod_lua module
incorrectly handled certain crafted request bodies. A remote attacker could
possibly use this issue to cause the server to crash, resulting in a denial
of service. (CVE-2022-22719)

James Kettle discovered that the Apache HTTP Server incorrectly closed
inbound connections when certain errors were encountered. A remote attacker
could possibly use this issue to perform an HTTP Request Smuggling attack.

It was discovered that the Apache HTTP Server incorrectly handled large
LimitXMLRequestBody settings on certain platforms. In certain
configurations, a remote attacker could use this issue to cause the server
to crash, resulting in a denial of service, or possibly execute arbitrary

Ronald Crane discovered that the Apache HTTP Server mod_sed module
incorrectly handled memory. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-23943)
The problem can be corrected by updating your system to the following
Ubuntu 16.04 ESM:
Ubuntu 14.04 ESM:
In general, a standard system update will make all the necessary changes.
CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943
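
The notice names two optional modules (mod_lua, mod_sed) and the LimitXMLRequestBody directive. As an added example, not part of the original notice or of Ubuntu's tooling, this Python function scans Apache configuration text for those items so an administrator can see which of them are active on a host while the update is scheduled. The function name, the sample configuration and the review threshold are assumptions of this example.

```python
# Added example: audit Apache config text for the items named in USN-5333-2.
# LoadModule identifiers for mod_lua and mod_sed, mapped to the CVEs the notice gives.
AFFECTED_MODULES = {"lua_module": "CVE-2022-22719", "sed_module": "CVE-2022-23943"}
DEFAULT_XML_LIMIT = 1_000_000  # Apache's documented default, in bytes


def audit_config(text):
    """Return [(line_number, finding)] for active directives the notice touches."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank or commented-out line
            continue
        parts = line.split()
        directive = parts[0].lower()  # directive names are case-insensitive
        if directive == "loadmodule" and len(parts) >= 3:
            cve = AFFECTED_MODULES.get(parts[1])
            if cve:
                findings.append((number, f"{parts[1]} is loaded ({cve})"))
        elif directive == "limitxmlrequestbody" and len(parts) >= 2:
            if not parts[1].isdigit():
                continue
            value = int(parts[1])
            # Assumption of this example: flag anything above the default, and 0,
            # which older Apache documentation describes as disabling the check.
            if value == 0 or value > DEFAULT_XML_LIMIT:
                findings.append(
                    (number, f"LimitXMLRequestBody {value} (default {DEFAULT_XML_LIMIT})")
                )
    return findings


# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# constructed sample
LoadModule lua_module /usr/lib/apache2/modules/mod_lua.so
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
#LoadModule sed_module /usr/lib/apache2/modules/mod_sed.so
<Location /dav>
    LimitXMLRequestBody 500000000
</Location>
LimitXMLRequestBody 1000000
"""

if __name__ == "__main__":
    for number, finding in audit_config(SAMPLE):
        print(f"line {number}: {finding}")
```

On Ubuntu the LoadModule lines for enabled modules live in /etc/apache2/mods-enabled/*.load, so include those files in the text passed to the function.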