Ubuntu Update for Linux kernel vulnerabilities USN-1627-1

Please Install the Updated Packages.

It was discovered that the mod_negotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2012-2687) It was discovered that the Apache HTTP Server was vulnerable to the &quot CRIME&quot SSL data compression attack. Although this issue had been mitigated on the client with newer web browsers, this update also disables SSL data compression on the server. A new SSLCompression directive for Apache has been backported that may be used to re-enable SSL data compression in certain environments. For more information, please refer to: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html (CVE-2012-4929)

apache2 on Ubuntu 12.10 , Ubuntu 12.04 LTS , Ubuntu 11.10 , Ubuntu 10.04 LTS , Ubuntu 8.04 LTS