Monday, April 28, 2025

[USN-7469-1] Apache Traffic Server vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmgPtnEFAwAAAAAACgkQ8pSCVQZYHyh1
zg//TIeC8iAkd1w3UkvfUA/OXBqliGWS9kGLMXpcOkihfpp3lO4gQPxFdO1OaXod0QQVHOeOvxc4
etnIlsVTTjULisyjYMmS+ngCG6oiMKTecliGi4KiLQnSiUjfz5TqhtZs9bVdbXAqr3daapPjqVbO
TBzW3FQzmkbfemwR/EeS7HynOZH237lcSW3n+rvMSikMDuaXYyP+bfd9f+kMURlKpSzs4AvrN+RM
EG++sZZLtouZETvvmN/xlIhvydCs1pm3BzpdhcJ6Tsov8kIWaFwBJ+TQZuCR2p8b+uXiyVkqDEcJ
T/+OWF74rwVy0gDn6xjCfDUp9sxlCe9k0bU1IkDg8y4EGPcdoSfAVbr4GwDF+bjI/F5YVlScFLrw
bkH8jq1V4R9CLksasVB3v6Ul16L7MeejDnCQT0AAJdJ6jZDwpRfwd7WhgVXoN/khHWwnsOL7TV/u
uWaxR5S+XvagWtrpaAWHl2mq01mCfP4YJ26Ur3kAXgx5f0iywFHxFDy8fuHo9vfNOLH+qvpFA/YA
gFFfkeQX0kE15yXKT6I3sXE6it8qOVKC4OaXCqgAgmJD5lssPkWFNmCS2cMiG1iVsOne/m9x8wcW
/O0oHqzkBgmCBxlY8jDZf5Y9k+dZ/uaTLyW5caBQS+fpix8+e30cb+Jmo0AF7KBfw/RJQTA9JsJA
C44=
=ks7M
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7469-1
April 28, 2025

trafficserver vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Apache Traffic Server could be made to crash if it received specially
crafted network traffic.

Software Description:
- trafficserver: fast, scalable and extensible HTTP/1.1 and HTTP/2.0
caching proxy

Details:

It was discovered that Apache Traffic Server exhibited poor server
resource management in its HTTP/2 protocol. An attacker could possibly
use this issue to cause Apache Traffic Server to crash, resulting in
a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  trafficserver                   9.1.1+ds-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  trafficserver-dev               9.1.1+ds-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  trafficserver                   8.0.5+ds-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  trafficserver-dev               8.0.5+ds-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

After a standard system update you need to restart Apache Traffic Server
to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7469-1
  CVE-2023-44487

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)