Home / mailings

PDF

[USN-2625-1] Apache HTTP Server update

Posted on 02 June 2015
Ubuntu Security

==========================
==========================
========================
Ubuntu Security Notice USN-2625-1
June 02, 2015

apache2 update
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security improvements have been made to the Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

As a security improvement, this update makes the following changes to
the Apache package in Ubuntu 12.04 LTS:

Added support for ECC keys and ECDH ciphers.

The SSLProtocol configuration directive now allows specifying the TLSv1.1=

and TLSv1.2 protocols.

Ephemeral key handling has been improved, including allowing DH parameter=
s
to be loaded from the SSL certificate file specified in SSLCertificateFil=
e.

The export cipher suites are now disabled by default.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
apache2.2-bin 2.2.22-1ubuntu1.9

In general, a standard system update will make all the necessary changes.=


References:
http://www.ubuntu.com/usn/usn-2625-1
https://launchpad.net/bugs/1197884, https://launchpad.net/bugs/1400473

Package Information:
https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.9

 

TOP