apache2 security fix in 2.4.43
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| apache2 (Ubuntu) | | Undecided | Ubuntu Security Team | |
Bug Description
update version apache to 2.4.43
CVE References
Gleb (long76) wrote : | #1 |
information type: | Private Security → Public |
Launchpad Janitor (janitor) wrote : | #2 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in apache2 (Ubuntu): | |
status: | New → Confirmed |
information type: | Public → Public Security |
Christian Ehrhardt (paelzer) wrote : | #3 |
Assigning to ubuntu-security for triage from their POV.
But actually I think this is known and in progress:
https:/
https:/
Changed in apache2 (Ubuntu): | |
assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
status: | Confirmed → In Progress |
As this security issue seems to have not progressed afaik since May, I wanted to make sure whoever is involved in triaging this knows that this CVE has been considered a high priority for PCI compliancy checks even though it appears to be marked "Low" by Canonical.
Seth Arnold (seth-arnold) wrote : | #5 |
Hello Chris, thanks for contacting us. If you know why your PCI compliance auditor has flagged these issues as high priorities, it may be helpful to us to better understand the urgency.
We do intend to address these issues but currently we have other issues that we believe are more impactful to work on.
Thanks
Seth Arnold (seth-arnold) wrote : | #6 |
This was addressed in USN 4458-1: https:/
Thanks
Changed in apache2 (Ubuntu): | |
status: | In Progress → Fix Released |
*) SECURITY: CVE-2020-1934 (cve.mitre.org)
mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
server. [Eric Covener]
*) SECURITY: CVE-2020-1927 (cve.mitre.org)
rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
matches and substitutions with encoded line break characters.
The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]