========================================================================== Ubuntu Security Notice USN-7469-4 April 30, 2025
h2o vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: H2O could be made to crash if it received specially crafted network traffic. Software Description: - h2o: an optimized HTTP server with support for HTTP/1.x, HTTP/2, and HTTP/3 Details: USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for H2O. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause Apache Traffic Server to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS h2o 2.2.4+dfsg-1ubuntu0.1~esm2 Available with Ubuntu Pro libh2o0.13 2.2.4+dfsg-1ubuntu0.1~esm2 Available with Ubuntu Pro After a standard system update you need to restart H2O to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7469-4 https://ubuntu.com/security/notices/USN-7469-3 https://ubuntu.com/security/notices/USN-7469-2 https://ubuntu.com/security/notices/USN-7469-1 CVE-2023-44487
OpenPGP_signature.asc
Description: OpenPGP digital signature
