Apache2 removing content (body) of proxied requests after upgrade USN-5487-1

Bug #1979589 reported by Tolga Özgan
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Hi There,
we have an Ubuntu 14.04 with ESM. The Apache is used as a reverse proxy for localhost micro-services. Until version 2.4.7-1ubuntu4.22+esm5 which was applied yesterday, it was working correctly. We can see that the content (body) of the proxied requests are removed and the "Content-length" header is set to 0. WE can see this via tcpdump. There is only one virtual host (plus the redirect http to https)
We had to roll back the change to an available earlier version (2.4.7-1ubuntu4.22 amd64) and everything is working again. This is a production server so it has also a security impact...
Please investigate.
I can provide further information if needed.
Thank you very much

description: updated
description: updated
description: updated
Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

[subscribing Ubuntu security team to take a look at this regression report.]

Revision history for this message
Alex Murray (alexmurray) wrote :

https://ubuntu.com/security/notices/USN-5487-3 was published earlier today which should resolve the regressions from USN-5487-1 - can you please update to 2.4.7-1ubuntu4.22+esm8 and verify if this fixes the issue you are seeing? Thanks.

Revision history for this message
Paride Legovini (paride) wrote :

Hello Tolga and thanks for this bug report. I'm marking this as Incomplete for now as it's waiting for confirmation that 2.4.7-1ubuntu4.22+esm8 actually fixes the regression.

Changed in apache2 (Ubuntu):
status: New → Incomplete
Revision history for this message
Tolga Özgan (ctsd-devops) wrote :

We could not test it yet...

Revision history for this message
Tolga Özgan (ctsd-devops) wrote :

 Installed and tested yesterday and it works.
Bug can be closed.
Thank you

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Thanks Tolga

Changed in apache2 (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers