The UNIX and Linux Forums  

iBot, 03-11-2009
USN-731-1: Apache vulnerabilities

Referenced CVEs:
CVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168, CVE-2008-2364, CVE-2008-2939


Description:
===========================================================
Ubuntu Security Notice USN-731-1 March 10, 2009
apache2 vulnerabilities
CVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168,
CVE-2008-2364, CVE-2008-2939
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  apache2-common 2.0.55-4ubuntu2.4
  apache2-mpm-perchild 2.0.55-4ubuntu2.4
  apache2-mpm-prefork 2.0.55-4ubuntu2.4
  apache2-mpm-worker 2.0.55-4ubuntu2.4

Ubuntu 7.10:
  apache2-mpm-event 2.2.4-3ubuntu0.2
  apache2-mpm-perchild 2.2.4-3ubuntu0.2
  apache2-mpm-prefork 2.2.4-3ubuntu0.2
  apache2-mpm-worker 2.2.4-3ubuntu0.2
  apache2.2-common 2.2.4-3ubuntu0.2

Ubuntu 8.04 LTS:
  apache2-mpm-event 2.2.8-1ubuntu0.5
  apache2-mpm-perchild 2.2.8-1ubuntu0.5
  apache2-mpm-prefork 2.2.8-1ubuntu0.5
  apache2-mpm-worker 2.2.8-1ubuntu0.5
  apache2.2-common 2.2.8-1ubuntu0.5

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2007-6203)

It was discovered that Apache was vulnerable to a cross-site request forgery (CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420)

It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. (CVE-2008-1678)

It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-2168)

It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. (CVE-2008-2364)

It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2008-2939)




