USN-1199-1: Apache vulnerability

Ubuntu Security Notice USN-1199-1

1st September, 2011

apache2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 8.04 LTS

Summary

A remote attacker could send crafted input to Apache and cause it to crash.

Software description

  • apache2 - Apache HTTP server

Details

A flaw was discovered in the byterange filter in Apache. A remote attacker
could exploit this to cause a denial of service via resource exhaustion.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:
apache2.2-bin 2.2.17-1ubuntu1.2
Ubuntu 10.10:
apache2.2-bin 2.2.16-1ubuntu3.3
Ubuntu 10.04 LTS:
apache2.2-bin 2.2.14-5ubuntu8.6
Ubuntu 8.04 LTS:
apache2-mpm-worker 2.2.8-1ubuntu0.21
apache2-mpm-event 2.2.8-1ubuntu0.21
apache2-mpm-prefork 2.2.8-1ubuntu0.21
apache2-mpm-perchild 2.2.8-1ubuntu0.21

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-3192