Launchpad CVE tracker

CVE 2015-0228

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

Related bugs and status

CVE-2015-0228 (Candidate) is related to these bugs:

Bug #1425141: mod_headers CVE-2013-5704

		In	Importance	Status
1425141	mod_headers CVE-2013-5704	apache2 (Ubuntu)	Undecided	Fix Released
1425141	mod_headers CVE-2013-5704	apache2 (Ubuntu Precise)	Low	Fix Released
1425141	mod_headers CVE-2013-5704	apache2 (Ubuntu Trusty)	Low	Fix Released
1425141	mod_headers CVE-2013-5704	apache2 (Ubuntu Lucid)	Low	Fix Released
1425141	mod_headers CVE-2013-5704	apache2 (Ubuntu Vivid)	Undecided	Fix Released
1425141	mod_headers CVE-2013-5704	apache2 (Ubuntu Utopic)	Low	Fix Released

Bug #1430936: /usr/share/doc/apache2/examples/setup-instance neglects to create symlinkjs a2enconf-$SUFFIX and a2disconf-$SUFFIX in /usr/local/sbin

Summary				In	Importance	Status
	1430936	/usr/share/doc/apache2/examples/setup-instance neglects to create symlinkjs a2enconf-$SUFFIX and a2disconf-$SUFFIX in /usr/local/sbin		apache2 (Ubuntu)	Undecided	Fix Released

Bug #1474787: UPDATE REQUEST: httpd24u 2.4.16 is available upstream

Summary				In	Importance	Status
	1474787	UPDATE REQUEST: httpd24u 2.4.16 is available upstream		IUS Community Project	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-0228

References