Canonical Repairs Apache HTTP Server Exploits for Ubuntu OSes

On November 8, Canonical published details about Apache HTTP Server vulnerabilities for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, and Ubuntu 10.04 LTS operating systems.

According to Canonical, several security issues were fixed in the Apache HTTP server.

It was discovered that the mod_negotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output.

Also, the Apache HTTP Server was vulnerable to the "CRIME" SSL data compression attack.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest apache2.2-common package, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.