Category Archives: Advisories

USN-5487-3: Apache HTTP Server regression


USN-5487-1 fixed several vulnerabilities in Apache HTTP Server.
Unfortunately, it introduced regressions. USN-5487-2 reverted the
patches that caused the regression in Ubuntu 14.04 ESM pending further
investigation. This update re-adds the security fixes for Ubuntu
14.04 ESM and fixes two separate regressions: one in mod_proxy,
affecting only Ubuntu 14.04 ESM, and another in mod_sed, which also
affects Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled
certain crafted requests. A remote attacker could possibly use this issue to
perform an HTTP Request Smuggling attack. (CVE-2022-26377)

It was discovered that Apache HTTP Server incorrectly handled certain
requests. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-28614)

It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to cause a crash or expose
sensitive information. (CVE-2022-28615)

It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-29404)

It was discovered that Apache HTTP Server incorrectly handled certain
requests. An attacker could possibly use this issue to cause a crash.
(CVE-2022-30522)

It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. (CVE-2022-30556)

It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to bypass IP-based authentication.
(CVE-2022-31813)


USN-5487-2: Apache HTTP Server regression


USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately, that
update introduced a regression when proxying balancer-manager connections in some
configurations on Ubuntu 14.04 ESM. This update reverts those changes until a
corrected fix is available.

We apologize for the inconvenience.

Original advisory details: the same seven CVEs as listed under USN-5487-3 above.


CVE-2017-20085


A vulnerability classified as problematic has been found in the Atahualpa Theme. The affected functionality is unknown. The manipulation leads to basic cross-site scripting. The attack can be launched remotely.


CVE-2017-20086


A vulnerability classified as critical was found in the VaultPress Plugin 1.8.4. The affected component is unknown. The manipulation leads to code injection. The attack can be initiated remotely.


CVE-2017-20087


A vulnerability classified as problematic has been found in the Alpine PhotoTile for Instagram Plugin 1.2.7.7. The affected functionality is unknown. The manipulation leads to basic cross-site scripting. The attack may be launched remotely.


CVE-2017-20088


A vulnerability classified as problematic has been found in the Atahualpa Theme. The affected function is unknown. The manipulation leads to cross-site request forgery. The attack can be launched remotely.


CVE-2017-20089


A vulnerability rated as problematic was found in the Gwolle Guestbook Plugin 1.7.4. The affected processing is unknown. The manipulation leads to basic cross-site scripting. The attack may be initiated remotely.


cadvisor-0.44.1-3.fc37 containerd-1.6.6-4.fc37 golang-github-cloudflare-redoctober-0-0.12.20210114git99c99a8.fc37 golang-github-intel-goresctrl-0.2.0-6.fc37 golang-github-oklog-0.3.2-11.20190701gitca7cdf5.fc37 golang-github-prometheus-2.32.1-6.fc37 golang-github-prometheus-node-exporter-1.3.1-9.fc37 golang-github-theupdateframework-notary-0.7.0-6.fc37 nebula-1.5.2-5.fc37 open-policy-agent-0.31.0-6.fc37


FEDORA-2022-cd92e4cc43

Packages in this update:

cadvisor-0.44.1-3.fc37
containerd-1.6.6-4.fc37
golang-github-cloudflare-redoctober-0-0.12.20210114git99c99a8.fc37
golang-github-intel-goresctrl-0.2.0-6.fc37
golang-github-oklog-0.3.2-11.20190701gitca7cdf5.fc37
golang-github-prometheus-2.32.1-6.fc37
golang-github-prometheus-node-exporter-1.3.1-9.fc37
golang-github-theupdateframework-notary-0.7.0-6.fc37
nebula-1.5.2-5.fc37
open-policy-agent-0.31.0-6.fc37

Update description:

Rebuild to mitigate CVE-2022-21698 (rhbz#2067400). The vulnerability is in github.com/prometheus/client_golang; these packages are Go programs that link that module statically into each binary, so no shared-library update can reach them and every consumer has to be rebuilt against the fixed library.
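A rebuilt package is only a fix if the fixed module was actually compiled in. The Go program below is an added example, not part of the Fedora update or of any listed package; it reads the module list the Go toolchain embeds in every binary (the same data `go version -m <binary>` prints) through the standard library's debug/buildinfo package and reports whether github.com/prometheus/client_golang is linked at a version older than v1.11.1, the first upstream release containing the fix for CVE-2022-21698. The `Dep` type, the function names and the sample dependency lists are this example's own; the binary paths in the usage line are placeholders.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Module and first fixed release for CVE-2022-21698 (unbounded label
// cardinality in promhttp); the cut-off comes from the upstream advisory.
const (
	vulnModule   = "github.com/prometheus/client_golang"
	fixedVersion = "v1.11.1"
)

// Dep is the part of an embedded build-info module entry this check needs.
type Dep struct{ Path, Version string }

type version struct {
	n   [3]int // major, minor, patch
	pre bool   // a "-" suffix was present: pre-release or pseudo-version
}

// parseVersion accepts "v1.11.1", "v2.0.0+incompatible" and pseudo-versions such
// as "v1.11.1-0.20220205121942-abcdef123456", which semver orders BEFORE v1.11.1.
func parseVersion(v string) (version, error) {
	var out version
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		out.pre = v[i] == '-' // "+" build metadata never affects ordering
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("unexpected version %q", v)
	}
	for i, p := range parts {
		x, err := strconv.Atoi(p)
		if err != nil {
			return out, fmt.Errorf("bad component %q in %q", p, v)
		}
		out.n[i] = x
	}
	return out, nil
}

func (a version) less(b version) bool {
	for i := range a.n {
		if a.n[i] != b.n[i] {
			return a.n[i] < b.n[i]
		}
	}
	return a.pre && !b.pre // same numbers: only a pre-release sorts lower
}

// IsVulnerableVersion reports whether a client_golang version predates the fix.
func IsVulnerableVersion(v string) (bool, error) {
	got, err := parseVersion(v)
	fixed, _ := parseVersion(fixedVersion)
	return err == nil && got.less(fixed), err
}

// ScanDeps looks for vulnModule in a binary's dependency list; linked is false
// when it is absent. An unparseable version counts as vulnerable so that a
// human looks at it instead of it slipping through as "ok".
func ScanDeps(deps []Dep) (ver string, vulnerable, linked bool) {
	for _, d := range deps {
		if d.Path == vulnModule {
			vuln, err := IsVulnerableVersion(d.Version)
			return d.Version, vuln || err != nil, true
		}
	}
	return "", false, false
}

func main() {
	for _, p := range os.Args[1:] {
		bi, err := buildinfo.ReadFile(p)
		if err != nil {
			fmt.Printf("%s: no Go build info (%v)\n", p, err)
			continue
		}
		var deps []Dep
		for _, m := range bi.Deps {
			if m.Replace != nil { // a go.mod replace is what was actually compiled in
				m = m.Replace
			}
			deps = append(deps, Dep{m.Path, m.Version})
		}
		ver, vuln, linked := ScanDeps(deps)
		status := map[bool]string{true: "VULNERABLE", false: "ok"}[vuln]
		if !linked {
			status = "does not link"
		}
		fmt.Printf("%s: %s %s %s\n", p, status, vulnModule, ver)
	}
}
```

Run it as `go run check.go /usr/bin/containerd /usr/bin/prometheus` (check.go is a placeholder name). Two details matter for a check like this: pseudo-versions such as v1.11.1-0.2022... are treated as older than v1.11.1, which is how Go's own semver ordering works, and go.mod replace directives are followed, because the replacement is what was actually compiled in; a build that pinned a vendored or forked copy would otherwise look fixed when it is not.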
