Personally, I think like many of you: there is nothing to worry about. Ubuntu, like any other Linux distribution in general, is a very secure operating system, in part thanks to the community helping to fix bugs as soon as they are discovered. Also, Canonical is a major company that responds in days, if not hours, but this is a blog about Ubuntu and sometimes we have to report security flaws, such as 7 Apache HTTP Server vulnerabilities that the company that runs Mark Shuttleworth has already corrected.
Just like they report on the Ubuntu security news page, the bug affects (ba) all versions of Ubuntu that still enjoy support in their normal life cycle, which are Ubuntu 19.04, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. We mention "in its normal life cycle" because there are currently two more versions that are supported, an Ubuntu 14.04 and an Ubuntu 12.04 that are in the ESM (Extended Security Maintenance) phase, which means that they still receive certain security patches .
Apache HTTP Server bugs fixed on August 29
As mentioned, Canonical has fixed up to 7 Apache HTTP Server security flaws: CVE-2019-0197, CVE-2019-10081, CVE-2019-10082, CVE-2019-10097 y CVE-2019-9517 could be used by a remote attacker to cause denial of service, in the case of the third party even exposing sensitive information. Bill CVE-2019-10092 could allow a remote attacker to perform cross-site scripting (XSS) attacks. And the CVE-2019-10098 it could be used by a remote attacker to expose sensitive information or bypass certain restrictions.
The patches, already available and that can be applied from the software updater usual, they are apache2 - 2.4.38-2ubuntu2.2 y apache2-bin - 2.4.38-2ubuntu2.2 on Ubuntu 19.04, apache2 - 2.4.29-1ubuntu4.10 y apache2-bin - 2.4.29-1ubuntu4.10 on Ubuntu 18.04 and apache2 - 2.4.18-2ubuntu3.12 y apache2-bin - 2.4.18-2ubuntu3.12 on Ubuntu 16.04.
But, as we have already explained, there is nothing to worry about. Bugs found in Linux are often difficult to exploit and companies like Canonical are quick to fix them. All we have to do is keep our team always updated.
