Ubuntu
apache2 package

Apache2 handling requests with incorrect VirtualHosts following upgrade for USN-5487-1

Trusty (14.04)
Bug #1979577

Bug #1979577 reported by Paul Goins on 2022-06-22

10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	apache2 (Ubuntu)	Fix Released	Undecided	Leonidas S. Barbosa
	Trusty	In Progress	Undecided	Leonidas S. Barbosa

Bug Description

Hello,

I have an Ubuntu 14.04 Trusty server (ESM) with multiple name-based VirtualHost directives forwarding traffic to multiple remote servers. This was working correctly until an upgrade to 2.4.7-1ubuntu4.22+esm5 was applied today. It appears this release was in response to USN-5487-1.

Now, only one of our VirtualHosts appears to be working correctly. Requests against the other virtual hosts give us errors, and we note that in the error responses, we're seeing the ServerName of the first VirtualHost config file we have defined.

Please let me know if you need additional information for this. As this affects Canonical-internal services, it may be appropriate to reach out to me directly via internal channels.

Best Regards,
Paul Goins

Revision history for this message

Tolga Özgan (ctsd-devops) wrote on 2022-06-23:

#1

Hi There,
we have also an Ubuntu 14.04 with ESM. The Apache is used as a reverse proxy for localhost micro-services. Up until version 2.4.7-1ubuntu4.22+esm5 it was working correctly. We can see that the content (body) of the proxied requests are removed and the "Content-length" header is set to 0.
We had to roll back the change to an available earlier version and everything is working again. This is a production server so it is a painful rollback...
I will file also another bug report.

Revision history for this message

Junien F (axino) wrote on 2022-06-23:

#2

We were seeing the same symptoms that Tolga described. Upgrading to esm6 fixed the problem.

Revision history for this message

Leonidas S. Barbosa (leosilvab) wrote on 2022-06-23:

#3

working on a new update that fixes the issue plus re-add all security fixes from esm5 one.

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2022-06-23:

#4

This update reverted the problematic fix:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2022-June/006641.html

We will publish a subsequent update within the next few hours that will reintroduce a fixed security update.

Changed in apache2 (Ubuntu Trusty):
assignee:	nobody → Leonidas S. Barbosa (leosilvab)
status:	New → In Progress

Revision history for this message

Leonidas S. Barbosa (leosilvab) wrote on 2022-06-24:

#5

https://ubuntu.com/security/notices/USN-5487-3

Changed in apache2 (Ubuntu):
status:	New → Fix Released
assignee:	nobody → Leonidas S. Barbosa (leosilvab)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.