-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBGZU5HkBEAC5gtbx2yg8wn9n1x0UKtCSpHCzCL/DDMi+ez8DqaDy2ym8waOh
X6ZeMYxEcRlZMEieo3VfpdioYr/reAs0XViMlSeM7DiMFN1Q6E3yDAaW8Ne/6OwU
6ID8AVV12dooWoa6Xa4hbLLLBMH0XRd8DVw4Zn6s+C18AMweC7Uf3ib62WI7jAxZ
vaRLV+1WWRBQlse5Of7hpvYsqbGuA4l/hzM2LYmWXXDOAsG2DhbSioQdSd89clH9
o1A/fCWNcVC80b7haAG96OaqXSaMny25Vdz5cGWj9SNOcVoXSoGdlu4JFQ/RQo/U
VRk2XTAKVJdIsVW5Fp/4O3z7nLzygDlC10YM0JAfNCuAgcr8pp14Tlz8ExMNqO7z
yhQt0iCn63UD5f/UB0oK2Ix8I5QK4JoHOeOUq8sDZez+bfX+D2KrYLQ4HONWNR2T
7XVnK9YNfWZyztZ7kVZlG3r/WSn1D6ZBj+Aolv2XtzweAn8HNxR3yZZe+1FoHLV3
JnNG1zaQs+WQJFGcQdjzdu5nvKXf4o0TJuakMbhcAh9DmhHGhRvesp9LOrDKxv7C
OXm8ER6G1wRyIh78bPTe6zRfMP49MX1LKUOHf+2T4IRt/7bz4OFXl5vfCWlAOUWN
i6EJ2qImw+2ouEKu9X/9p+I3FDALtOoys1MBKAdQsG/RhDfB2Bt/BRtZ7wARAQAB
zTZPY3RhdmlvIEFkb2xmbyBHYWxsYW5kIDxvY3RhdmlvLmdhbGxhbmRAY2Fub25p
Y2FsLmNvbT7CwZEEEwEKADsWIQRH8irnonVCkXIr8JD24UD22zWeWAUCZlTkeQIb
AwULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRD24UD22zWeWNDaEACJOesZ
823ro/m2o9PVvjyw0wKn1/beHamwJFpp1ciDwYTLemsGjJf1e5D2HBVNTGSqmmnh
IZVSeCq6Ni9PbJlGsxJrGlVpaJRS8LBD/3xQNg5KYyT5loSge53oFBZgTAIj2sNX
UmtWZagQlBPdOB982CHqO6+2J/Dbly6qSKp8UUgatUNzbvClVhJmxA9TpV2WumSA
e4zR1JirXZGGgCg5NLhFiGtySnyS4lcl+hjtdYsvD3FDOiAJaSMJfCagW1gmpjX2
znaDhexnT6rXvWeV8ZP5xbMJfS7UxeArdW09uBBohjFteHzaBnqppVxMOwMaId0w
/+TRFsT+sDPMsdMBakJ3Tw6WS4qbfY8pbJGuvKZ4x5ZJlZdXpx9wsVY7EsA2qRqb
GtEFsyy+7zQ4HUTTbSmUc9PATpmcyJpXGM47iaGmN735Qc2gcZZLHYfylEs8bxHo
DeDxnDSDZhw+0E2/ZRRLUOlUzsxxGWW5tsJ+GHe69eceiDQJOdAiomJkSJMXQStv
vfsDd5wmX8Z8Yf+NGwWK0X/KQXBo6a9/6aDRE9HwyadYF+3F87dbr8KY/GlhYn6i
s5YRgGEIynvOVvxfrb3EAXe0f6iJq1TCEyvKAn3zhaw070wZWsVploAPJ8y9PKwi
UaHfH6s9RVZ94Qtz4BwasdGo2mnHJP0NWQcsnc7BTQRmVOR5ARAAuVJlTQ0Me3Fo
N8cVaUnux5nFraEUdLdKM9iD8L5Pj+LCJGHWkb3yGfdcWHkV9eOKTuixSajdJEj7
EKdzYaLRyKItwT0PFPcgNV7C6OGZYGvOd+9jGxMH4P9ENf+3eNurt+Za8SPLboRZ
faprZhn2nIX8JWPqWDzV3YUkq4Oyxo7DJJenuDQLPnG3WtcKogOpIpbw2h0vm04E
O5honjtDY8iwyYabl17/bFmZowL2SOmAgohWsGgzC3+/Zoyr7n80Ayv1nl/6Tecg
hqrRNfWTG8Y2e25p90DSv6D+NUwLWTaFHP1OivVfnvTTyrtQUGrV2rRR5AYzmqaz
NjGlAZ0FzZdKVV1vjgFZNnHH2avyQUALz3miaB3h2GHJbhI9EjhOkv+jVzMR8Pok
w19kS0ewed+O8PG5CecJZfwgDNWaqLL3QGYMFVKC5n8Ekv+XfqNxcgT3un8Zles5
V3ejOhdjvQqvKuV4ey5nZ8he/kzZbW27oGiy58SxK9RMy57bs3ugm8wbKc1B/EOX
2LdLo1kdQqCa3lWDReyb0S2I14ml9qddc3UA/IBtZDy0AfOlNbwzV+V9SW8j8lXh
4KGGNfNfsuRsSoiYNyIzCQEtRCEm9c/SkTwhW2oNTdztRtageji91y9zOPRf3lN9
HpDR05a8AoC1YonHZxxNcxQMScIUHp8AEQEAAcLBdgQYAQoAIBYhBEfyKueidUKR
civwkPbhQPbbNZ5YBQJmVOR5AhsMAAoJEPbhQPbbNZ5Yef0P/AwNuhnujouSKmc/
Nov/pHkcujZaYsn1iIoYEqhmWjpnBQav+m63G+RZ5zjqu36G7uhZkpYILPihLOJZ
X2SuTIrVitnJ+ocXK2QFLbW8gUlvqRi4kP5XbUQ0yAVWzPFlY9BNK6DUrj0LeC5n
4i+llAI9d50MiqlUDp+pdCotsuyE0PuuGDkY943LXWnPRPnHCv96ocOglN/dyVCB
N1fjEStCG4q3xzYO1KX3WnPOdurPh/CDw6Uypfr6VOlU+3BN+7t2wCk2V7tDjaYH
8/pZCzHCH3FDzUdEuVRBE0eB73yNFv1/SgVstqvTUfcYnaOm2EgvtBB14gIC8qBO
GPSjlh/7kMmD7m8ZiJNknUOL04mOFkDufnbcNUxmYEbn33TCbSIWDjt3RxTHVnzB
UZjYdBkUNJU1JcxDRJzoILSMUSLSH69z90UaArMiKMGtRoIQj2vSSQzdUgeGBBKv
vqE74KMQ0kj/qLaX6cCLUBX2kBShMVbQ7igp3Jytqj8hRvpPVo+xoXd42UWmLTCa
ISvwLtKvzrXYT80yYVUHhCx9keJ+zuOloshIPmvdVvfuoVaGVMpf6/gOJniRuUwA
ufUEKoy7Nl7w6e9pNIM7S5k7TqinqALWixkER9AfIOmEYYsmTVTBDLjsSEv0QWyJ
QGrNPtvSWtSzFkAmdaSP92Yi2kr2
=ZpuF
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEER/Iq56J1QpFyK/CQ9uFA9ts1nlgFAmZoWaAFAwAAAAAACgkQ9uFA9ts1nlir
Rw/+MN1u2XcDlmQZWB5H7h+8/DlbNtMlq1RWyQ6jvdBp8jP5SoJ0DYbzFvUYkUZn9pKCHU7Nxy/W
MvqS6MmAE3g5V84+T1E5UOad3sIgQGO1iUBKXX7N2igg3fHLInkzC8B8Gd8XcQP1ItAXnqr9xsCa
dMygmVaWbrEH2qlZ61XSQQvtGt9K8EaLGhrs/0QvIlrSofLwJPtc0zDCD2sZWlZyH91zwxadnltJ
f58Yaoon1VYQQqEJIhOh3K9/mTVUPceXlfoIiQ1ukbqTUqn6D0pZVGjGeC68Vzdhg/RS4se248g2
ZYiX/EKE+wVVDx5SuyRxbWPS+F8X8z8Bn8L+no5lIZYw/1yXAIj9XsUBR2k4ioCH3ui2ktHEYFMe
WC2CUCTwEDoJ0h6wtyCasmZmDVjUdG0nYTd7GbR/FMCH+yZBTrrr/Cdkqt2OhzVXQJ3Se7jMd9I6
zmrexYQipZWgU0U7Qa3flflrZytGbZ4IGVf85qcJN4ekVffPzfyhJacw0lQqrglvF9ZadNRPRRLx
P4TZzTupvw6SEGwJQqs3FIJVAhCfbVzobOIehw2YeWQG+uZid0GHOzUGsFNmKCllo6ry5QOwcwzn
ev01WD673Crn6piivUh6dL0jay54tjP/CQhbRL1yEQmAr6fqm1duzTSQwclTME+jaPGzA2n3Drau
bpM=
=+Qzz
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6826-1
June 11, 2024
libapache-mod-jk vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
mod_jk could allow unintended access to network services.
Software Description:
- libapache-mod-jk: Apache 2 connector for the Tomcat Java servlet engine
Details:
Karl von Randow discovered that mod_jk was vulnerable to an authentication
bypass. If the configuration did not provide explicit mounts for all
possible proxied requests, an attacker could possibly use this
vulnerability to bypass security constraints configured in httpd.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10
libapache2-mod-jk 1:1.2.48-2ubuntu0.1
Ubuntu 22.04 LTS
libapache2-mod-jk 1:1.2.48-1ubuntu0.1
Ubuntu 20.04 LTS
libapache2-mod-jk 1:1.2.46-1ubuntu0.1
Ubuntu 18.04 LTS
libapache2-mod-jk 1:1.2.43-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libapache2-mod-jk 1:1.2.41-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6826-1
CVE-2023-41081
Package Information:
https://launchpad.net/ubuntu/+source/libapache-mod-jk/1:1.2.48-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libapache-mod-jk/1:1.2.48-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libapache-mod-jk/1:1.2.46-1ubuntu0.1
No comments:
Post a Comment