USN-5090-2: Apache HTTP Server vulnerabilities
27 September 2021
Several security issues were fixed in Apache HTTP Server.
- apache2 - Apache HTTP server
USN-5090-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that the Apache HTTP Server incorrectly handled certain
malformed requests. A remote attacker could possibly use this issue to
cause the server to crash, resulting in a denial of service.
It was discovered that the Apache HTTP Server incorrectly handled escaping
quotes. If the server was configured with third-party modules, a remote
attacker could use this issue to cause the server to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2021-39275)
It was discovered that the Apache mod_proxy module incorrectly handled
certain request URI paths. A remote attacker could possibly use this issue
to cause the server to forward requests to arbitrary origin servers.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
- USN-5090-1: apache2-suexec-pristine, apache2-data, apache2-utils, libapache2-mod-md, apache2-ssl-dev, apache2-dev, libapache2-mod-proxy-uwsgi, apache2-doc, apache2, apache2-suexec-custom, apache2-bin