apache2 security fix in 2.4.43

Bug #1870818 reported by Gleb on 2020-04-04
This bug affects 2 people
Affects: apache2 (Ubuntu)
Importance: Undecided
Assigned to: Ubuntu Security Team

Bug Description

Update Apache version to 2.4.43.

Gleb (long76) wrote :

*) SECURITY: CVE-2020-1934 (cve.mitre.org)
     mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
     server. [Eric Covener]

*) SECURITY: CVE-2020-1927 (cve.mitre.org)
     rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
     matches and substitutions with encoded line break characters.
     The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]

Gleb (long76) on 2020-04-04
information type: Private Security → Public
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apache2 (Ubuntu):
status: New → Confirmed
information type: Public → Public Security

Assigning to ubuntu-security for triage from their POV.

But actually I think this is known and in progress:
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1934.html
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1927.html

Changed in apache2 (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
status: Confirmed → In Progress