Apache Denial-of-Service Vulnerability 2 Sep 11

A bug in the Apache webserver has recently been widely publicised. The bug is very simple to trigger remotely and causes almost-instant memory exhaustion (OOM) on the targeted server, which causes any sites hosted there to be unavailable until the server is restarted.

mitre.org has links to more information about this bug.

Ubuntu released new versions of the Apache packages last night, which contain a fix for this bug.

We recommend that customers who are using Apache on their Brightboxes, should upgrade as soon as reasonably convenient. The default Brightbox install uses Apache, so if you are unsure whether or not this affects you then you should upgrade Apache using the instructions below.

The upgrade requires a restart of Apache, which will momentarily interrupt service. In cases where your Brightboxes are behind a load-balancer, the impact of this is minimal.

We believe the upgrade to be low-risk; we have already upgraded a large number of our own servers today without incident, and the only changes relative to the previous package are this security fix.

The necessary commands are

sudo apt-get update
sudo apt-get -y install apache2.2-common