========================================================================== Ubuntu Security Notice USN-7469-1 April 28, 2025
trafficserver vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Apache Traffic Server could be made to crash if it received specially crafted network traffic. Software Description:- trafficserver: fast, scalable and extensible HTTP/1.1 and HTTP/2.0 caching proxy
Details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause Apache Traffic Server to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS trafficserver 9.1.1+ds-2ubuntu0.1~esm1 Available with Ubuntu Pro trafficserver-dev 9.1.1+ds-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS trafficserver 8.0.5+ds-3ubuntu0.1~esm1 Available with Ubuntu Pro trafficserver-dev 8.0.5+ds-3ubuntu0.1~esm1 Available with Ubuntu Pro After a standard system update you need to restart Apache Traffic Server to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7469-1 CVE-2023-44487
OpenPGP_signature.asc
Description: OpenPGP digital signature
