apache2 security fix in 2.4.43
Bug #1870818 reported by
Gleb
on 2020-04-04
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | apache2 (Ubuntu) |
Undecided
|
Ubuntu Security Team | ||
Bug Description
update version apache to 2.4.43
CVE References
| Gleb (long76) wrote : | #1 |
Gleb (long76)
on 2020-04-04
| information type: | Private Security → Public |
| Launchpad Janitor (janitor) wrote : | #2 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in apache2 (Ubuntu): | |
| status: | New → Confirmed |
Paride Legovini (legovini)
on 2020-05-07
| information type: | Public → Public Security |
| Christian Ehrhardt (paelzer) wrote : | #3 |
Assigning to ubuntu-security for triage from their POV.
But actually I think this is known and in progress:
https:/
https:/
| Changed in apache2 (Ubuntu): | |
| assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
| status: | Confirmed → In Progress |
To post a comment you must log in.
*) SECURITY: CVE-2020-1934 (cve.mitre.org)
mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
server. [Eric Covener]
*) SECURITY: CVE-2020-1927 (cve.mitre.org)
rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
matches and substitutions with encoded line break characters.
The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]