Referenced CVEs:
CVE-2010-0408, CVE-2010-0434
Description:
===========================================================Ubuntu Security Notice USN-908-1 March 10, 2010apache2 vulnerabilitiesCVE-2010-0408, CVE-2010-0434===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 8.04 LTSUbuntu 8.10Ubuntu 9.04Ubuntu 9.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.10Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.15Ubuntu 8.10: apache2.2-common 2.2.9-7ubuntu3.6Ubuntu 9.04: apache2.2-common 2.2.11-2ubuntu2.6Ubuntu 9.10: apache2.2-common 2.2.12-1ubuntu2.2In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that mod_proxy_ajp did not properly handle errors whena client doesn't send a request body. A remote attacker could exploit thiswith a crafted request and cause a denial of service. This issue affectedUbuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2010-0408)It was discovered that Apache did not properly handle headers insubrequests under certain conditions. A remote attacker could exploit thiswith a crafted request and possibly obtain sensitive information fromprevious requests. (CVE-2010-0434)
More...
