Ubuntu Security Notice USN-3279-1

Ubuntu Security Notice 3279-1 – It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. Various other issues were also addressed.

Link: https://packetstormsecurity.com/files/142434/USN-3279-1.txt