14 DAY TRIAL // Details about a couple of Apache HTTP Server vulnerabilities that have been found and fixed in Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS have now been published by Canonical in a security notification.
Ubuntu maintainers have issued a patch for all the supported Ubuntu OSes in order to correct the problems found with the Apache HTTP server. As usual, it's a good idea to upgrade the operating system as soon as possible, even if this might not look like an important problem.
"It was discovered that the Apache HTTP Server incorrectly handled the ap_some_auth_required API. A remote attacker could possibly use this issue to bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Also, It was discovered that the Apache HTTP Server incorrectly parsed chunk headers. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks," reads the security notice.
These two issues have been identified and corrected with this particular update. For a more detailed description of the problems, you can see Canonical's security notification. Users have been advised to upgrade their systems.
The problems can be repaired if you upgrade your system to the latest patch package specific to each distribution. To apply the patch, users will have to run the Update Manager application. A reboot of the system is not required.