USN-3340-1
See a problem?- Source
- https://ubuntu.com/security/notices/USN-3340-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3340-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-3340-1
- Related
- Published
- 2017-06-26T17:14:56.727156Z
- Modified
- 2017-06-26T17:14:56.727156Z
- Summary
- apache2 vulnerabilities
- Details
-
Emmanuel Dreyfus discovered that third-party modules using the apgetbasicauthpw() function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new apgetbasicauthcomponents() function for use by third-party modules. (CVE-2017-3167)
Vasileios Panopoulos discovered that the Apache modssl module may crash when third-party modules call aphookprocessconnection() during an HTTP request to an HTTPS port. (CVE-2017-3169)
Javier Jiménez discovered that the Apache HTTP Server incorrectly handled parsing certain requests. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7668)
ChenQin and Hanno Böck discovered that the Apache mod_mime module incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7679)
- References
Affected packages
Ubuntu:14.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.16?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.7-1ubuntu4.16
Affected versions
2.*
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"apache2-suexec": "2.4.7-1ubuntu4.16",
"apache2-suexec-pristine-dbgsym": "2.4.7-1ubuntu4.16",
"libapache2-mod-proxy-html": "1:2.4.7-1ubuntu4.16",
"apache2-dev": "2.4.7-1ubuntu4.16",
"apache2-bin": "2.4.7-1ubuntu4.16",
"apache2-suexec-custom": "2.4.7-1ubuntu4.16",
"apache2-suexec-pristine": "2.4.7-1ubuntu4.16",
"apache2-doc": "2.4.7-1ubuntu4.16",
"apache2-mpm-event": "2.4.7-1ubuntu4.16",
"apache2": "2.4.7-1ubuntu4.16",
"apache2-dbg": "2.4.7-1ubuntu4.16",
"apache2-utils-dbgsym": "2.4.7-1ubuntu4.16",
"apache2-data": "2.4.7-1ubuntu4.16",
"apache2-mpm-prefork": "2.4.7-1ubuntu4.16",
"apache2-mpm-itk": "2.4.7-1ubuntu4.16",
"libapache2-mod-macro": "1:2.4.7-1ubuntu4.16",
"apache2-suexec-custom-dbgsym": "2.4.7-1ubuntu4.16",
"apache2.2-bin": "2.4.7-1ubuntu4.16",
"apache2-bin-dbgsym": "2.4.7-1ubuntu4.16",
"apache2-utils": "2.4.7-1ubuntu4.16",
"apache2-mpm-worker": "2.4.7-1ubuntu4.16"
}
]
}
Ubuntu:16.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.18-2ubuntu3.3?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.18-2ubuntu3.3
Affected versions
2.*
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"apache2-suexec-pristine-dbgsym": "2.4.18-2ubuntu3.3",
"apache2-dev": "2.4.18-2ubuntu3.3",
"apache2-bin": "2.4.18-2ubuntu3.3",
"apache2-suexec-pristine": "2.4.18-2ubuntu3.3",
"apache2-doc": "2.4.18-2ubuntu3.3",
"apache2": "2.4.18-2ubuntu3.3",
"apache2-dev-dbgsym": "2.4.18-2ubuntu3.3",
"apache2-dbg": "2.4.18-2ubuntu3.3",
"apache2-utils-dbgsym": "2.4.18-2ubuntu3.3",
"apache2-data": "2.4.18-2ubuntu3.3",
"apache2-dbgsym": "2.4.18-2ubuntu3.3",
"apache2-suexec-custom-dbgsym": "2.4.18-2ubuntu3.3",
"apache2-bin-dbgsym": "2.4.18-2ubuntu3.3",
"apache2-utils": "2.4.18-2ubuntu3.3",
"apache2-suexec-custom": "2.4.18-2ubuntu3.3"
}
]
}