资产安全
商业安全
安全服务
返回- 发布日期2020-08-13
- 感知时间2020-08-13
- 漏洞类型安全更新
- 风险等级未知
- 更新版本未知
- 情报贡献TSRC
USN-4458-1: Apache HTTP Server vulnerabilities
apache2 vulnerabilities<br/>A security issue affects these releases of Ubuntu and its derivatives:<br/>Ubuntu 20.04 LTS<br/>Ubuntu 18.04 LTS<br/>Ubuntu 16.04 LTS<br/>Summary<br/>Several security issues were fixed in Apache HTTP Server.<br/>Software Description<br/>apache2 - Apache HTTP server<br/>Details<br/>Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. (CVE-2020-1927)<br/>Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2020-1934)<br/>Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain Cache-Digest headers. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-9490)<br/>Felix Wilhelm discovered that the Apache mod_proxy_uwsgi module incorrectly handled large headers. A remote attacker could use this issue to obtain sensitive information or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11984)<br/>Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain logging statements. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11993)<br/>Update instructions<br/>The problem can be corrected by updating your system to the following package versions:<br/>Ubuntu 20.04 LTS<br/>apache2 - 2.4.41-4ubuntu3.1<br/>apache2-bin - 2.4.41-4ubuntu3.1<br/>libapache2-mod-proxy-uwsgi - 2.4.41-4ubuntu3.1<br/>Ubuntu 18.04 LTS<br/>apache2 - 2.4.29-1ubuntu4.14<br/>apache2-bin - 2.4.29-1ubuntu4.14<br/>Ubuntu 16.04 LTS<br/>apache2 - 2.4.18-2ubuntu3.17<br/>apache2-bin - 2.4.18-2ubuntu3.17<br/>To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.<br/>In general, a standard system update will make all the necessary changes.<br/>References<br/>CVE-2020-11984<br/>CVE-2020-11993<br/>CVE-2020-1927<br/>CVE-2020-1934<br/>CVE-2020-9490<br/>]]>
Ubuntu是一个以桌面应用为主的Linux操作系统
<p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490">CVE-2020-9490</a></p><p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993">CVE-2020-11993</a></p><p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934">CVE-2020-1934</a></p><p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984">CVE-2020-11984</a></p><p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927">CVE-2020-1927</a></p>
暂无
暂无
https://usn.ubuntu.com/4458-1/
微信扫码关注公众号
