USN-3425-2: Apache HTTP Server vulnerability
24 October 2017
Apache HTTP Server could be made to expose sensitive information over the network.
- apache2 - Apache HTTP server
USN-3425-1 fixed a vulnerability in Apache HTTP Server. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Hanno Böck discovered that the Apache HTTP Server incorrectly handled
Limit directives in .htaccess files. In certain configurations, a remote
attacker could possibly use this issue to read arbitrary server memory,
including sensitive information. This issue is known as Optionsbleed.
- USN-3425-1: apache2-suexec-pristine, apache2-data, apache2-doc, libapache2-mod-proxy-html, apache2-mpm-itk, libapache2-mod-macro, apache2-bin, apache2-mpm-worker, apache2-utils, apache2-mpm-event, apache2-dev, apache2, apache2-suexec-custom, apache2.2-bin, apache2-mpm-prefork, apache2-suexec