Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0982 USN-4307-1: Apache HTTP Server update 19 March 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: apache2 Publisher: Ubuntu Operating System: Ubuntu Impact/Access: Reduced Security -- Unknown/Unspecified Resolution: Patch/Upgrade Original Bulletin: https://usn.ubuntu.com/4307-1/ - --------------------------BEGIN INCLUDED TEXT-------------------- USN-4307-1: Apache HTTP Server update 18 March 2020 apache2 update A security issue affects these releases of Ubuntu and its derivatives: o Ubuntu 18.04 LTS Summary TLSv1.3 support has been enabled in Apache HTTP Server in Ubuntu 18.04 LTS. Software Description o apache2 - Apache HTTP server Details As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS. TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS apache2-bin - 2.4.29-1ubuntu4.13 To update your system, please follow these instructions: https:// wiki.ubuntu.com/Security/Upgrades . In general, a standard system update will make all the necessary changes. References o LP: 1845263 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXnMLKWaOgq3Tt24GAQi0IA//VXXxP6wjICSbSQv63tZbAFQrcoMkHEcH tzx637M8tRZxsONdiJ9m4Hk5c6Am2eoP2xwmLvRfFqlCe3MDRay0q1MCLLKj+PJh 22rQeZ2xPLNQsE5uFa+KDVfYCGr6nOjM7aCIqX4nTHBO3QKFk03GJ5t6tAfpL5Bu HQRc8/mxtfMOmUvbQGvi1owEV5kvr4xY7S4FG8MRUVWoaRQbbloSqS1e/v9y6VDf 1b+/n0MTD8sf0NwT0GKWXOu1pOTRSu9Ovag/RjXNvorC0ks41hVr/iyYg1MqRp6m dsIWFLyF2OYPVsDD9eUsIkcRrc/6+M9c7AYn6Prm9ym+ZMCXPVKsXvoF7yV70XCQ +69axTD7baY8QjWgQSB9YkfFVQ+eknn50D4ByONHfn0b9g1WO3x5IIsOr0FWcGsD Z8tlBG9tH8aTlb1CtKW/VHZE4uQxgC+mGyqhEQAOdH63tB20kGzyGaJ6oJkkYzls jKf6x/v46DpnZx04vqkVf5jp+cmCoGwTedIIlOGJ2kjW0aq3//uHBsPPnZU2Q4uR MleOajCYoRsAIOwM2iJoT68jjnSvUcsSJIeoh0m49BjAmKp5ktDBcc7WwSE/SRYH kxlIuOrDIlXiMM7+BOio2h4W9ha3wT1cepkqKUHuy25ap2Quyn1c86cu3OmN1N4E kLFhBf9GzlI= =3s71 -----END PGP SIGNATURE-----