<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>==========================================================================<br>
</p>
<div class="gmail_quote">
Ubuntu Security Notice USN-5834-1<br>
January 31, 2023<br>
<br>
apache2 vulnerabilities<br>
==============================<wbr>==============================<wbr>==============<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 16.04 ESM<br>
<br>
Summary:<br>
<br>
Several security issues were fixed in Apache HTTP Server.<br>
<br>
Software Description:<br>
- apache2: Apache HTTP server<br>
<br>
Details:<br>
<br>
It was discovered that the Apache HTTP Server mod_dav module did
not<br>
properly handle specially crafted request headers. A remote
attacker<br>
could possibly use this issue to cause the process to crash,
leading<br>
to a denial of service. (CVE-2006-20001)<br>
<br>
It was discovered that the Apache HTTP Server mod_proxy_ajp module
did not<br>
properly handle certain invalid Transfer-Encoding headers. A
remote attacker<br>
could possibly use this issue to perform an HTTP Request Smuggling
attack.<br>
(CVE-2022-36760)<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 16.04 ESM:<br>
apache2 2.4.18-2ubuntu3.17+esm8<br>
apache2-bin 2.4.18-2ubuntu3.17+esm8<br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
<a href="https://ubuntu.com/security/notices/USN-5834-1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-5834-1&source=gmail&ust=1675257411154000&usg=AOvVaw1WoMIqhy0iwdVYvGnJxfVb">https://ubuntu.com/security/no<wbr>tices/USN-5834-1</a><br>
CVE-2006-20001, CVE-2022-36760</div>
</body>
</html>