-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0982
                   USN-4307-1: Apache HTTP Server update
                               19 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           apache2
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Reduced Security -- Unknown/Unspecified
Resolution:        Patch/Upgrade

Original Bulletin: 
   https://usn.ubuntu.com/4307-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4307-1: Apache HTTP Server update
18 March 2020

apache2 update
A security issue affects these releases of Ubuntu and its derivatives:

  o Ubuntu 18.04 LTS

Summary

TLSv1.3 support has been enabled in Apache HTTP Server in Ubuntu 18.04 LTS.

Software Description

  o apache2 - Apache HTTP server

Details

As a security improvement, this update adds TLSv1.3 support to the Apache HTTP
Server package in Ubuntu 18.04 LTS.

TLSv1.3 is enabled by default, and in certain environments may cause
compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3
in these problematic environments.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 18.04 LTS
    apache2-bin - 2.4.29-1ubuntu4.13

To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .

In general, a standard system update will make all the necessary changes.

References

  o LP: 1845263

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXnMLKWaOgq3Tt24GAQi0IA//VXXxP6wjICSbSQv63tZbAFQrcoMkHEcH
tzx637M8tRZxsONdiJ9m4Hk5c6Am2eoP2xwmLvRfFqlCe3MDRay0q1MCLLKj+PJh
22rQeZ2xPLNQsE5uFa+KDVfYCGr6nOjM7aCIqX4nTHBO3QKFk03GJ5t6tAfpL5Bu
HQRc8/mxtfMOmUvbQGvi1owEV5kvr4xY7S4FG8MRUVWoaRQbbloSqS1e/v9y6VDf
1b+/n0MTD8sf0NwT0GKWXOu1pOTRSu9Ovag/RjXNvorC0ks41hVr/iyYg1MqRp6m
dsIWFLyF2OYPVsDD9eUsIkcRrc/6+M9c7AYn6Prm9ym+ZMCXPVKsXvoF7yV70XCQ
+69axTD7baY8QjWgQSB9YkfFVQ+eknn50D4ByONHfn0b9g1WO3x5IIsOr0FWcGsD
Z8tlBG9tH8aTlb1CtKW/VHZE4uQxgC+mGyqhEQAOdH63tB20kGzyGaJ6oJkkYzls
jKf6x/v46DpnZx04vqkVf5jp+cmCoGwTedIIlOGJ2kjW0aq3//uHBsPPnZU2Q4uR
MleOajCYoRsAIOwM2iJoT68jjnSvUcsSJIeoh0m49BjAmKp5ktDBcc7WwSE/SRYH
kxlIuOrDIlXiMM7+BOio2h4W9ha3wT1cepkqKUHuy25ap2Quyn1c86cu3OmN1N4E
kLFhBf9GzlI=
=3s71
-----END PGP SIGNATURE-----