Apache2 handling requests with incorrect VirtualHosts following upgrade for USN-5487-1

Bug #1979577 reported by Paul Goins
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Fix Released
Undecided
Leonidas S. Barbosa
Trusty
In Progress
Undecided
Leonidas S. Barbosa

Bug Description

Hello,

I have an Ubuntu 14.04 Trusty server (ESM) with multiple name-based VirtualHost directives forwarding traffic to multiple remote servers. This was working correctly until an upgrade to 2.4.7-1ubuntu4.22+esm5 was applied today. It appears this release was in response to USN-5487-1.

Now, only one of our VirtualHosts appears to be working correctly. Requests against the other virtual hosts give us errors, and we note that in the error responses, we're seeing the ServerName of the first VirtualHost config file we have defined.

Please let me know if you need additional information for this. As this affects Canonical-internal services, it may be appropriate to reach out to me directly via internal channels.

Best Regards,
Paul Goins

Revision history for this message
Tolga Özgan (ctsd-devops) wrote :

Hi There,
we have also an Ubuntu 14.04 with ESM. The Apache is used as a reverse proxy for localhost micro-services. Up until version 2.4.7-1ubuntu4.22+esm5 it was working correctly. We can see that the content (body) of the proxied requests are removed and the "Content-length" header is set to 0.
We had to roll back the change to an available earlier version and everything is working again. This is a production server so it is a painful rollback...
I will file also another bug report.

Revision history for this message
Junien Fridrick (axino) wrote :

We were seeing the same symptoms that Tolga described. Upgrading to esm6 fixed the problem.

Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :

working on a new update that fixes the issue plus re-add all security fixes from esm5 one.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This update reverted the problematic fix:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2022-June/006641.html

We will publish a subsequent update within the next few hours that will reintroduce a fixed security update.

Changed in apache2 (Ubuntu Trusty):
assignee: nobody → Leonidas S. Barbosa (leosilvab)
status: New → In Progress
Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :
Changed in apache2 (Ubuntu):
status: New → Fix Released
assignee: nobody → Leonidas S. Barbosa (leosilvab)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers