Wednesday, April 30, 2025

[USN-7469-4] H2O vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmgSHgEFAwAAAAAACgkQ8pSCVQZYHyjB
kg/+MD0QcRaIu/kx7OUDdrh2yug95o3o+GNoSBT7U7DDMYOp63BxfNE2BQfb9qkIVRE59cmIXMUJ
2xDv3FEnAdH2/J6JqykSbRAZFYO5qI0mvowiuQ800aVwkUjEe3u0VDE4QN6/6ZanZg0VG4RTpvXJ
/+/+kBQ6DPFtl4sFn68+0qmVa0/7ccxv+0H83XnlNdvfYy75OUqmE78L3tK4g1d2+omJXFu34tEK
H75mlvnygqzqkr0OmNyOm3iZGR3w9djb0VYx4WaIS8jsKOcKWmSLLIXJcVcfeJZy1C1NhUt/x9Xq
XeuxFhyIEiLkR+UhxonuUEKpq9ATHuX4jUrdvQelMIHwGPnmWu/dJ9qaLjRaDPhvRD6MbDGu6I5c
wgx43kZLV1+7W4lCyMFjjOhiBKLeoBUutqi+1CAoaaa76jdESJd9/cndMpy/hhfd9ng3N2Lzvogy
3YCU3Lw6H7BB7CxGAZ3cYAEcHYGxiJPPjkB3zFootKy2WIAngjC2a/O+2nlDPs7SWX3ktvM95YBv
0Fi0njlZ1kTwRPIjbQLQ4x/KcnCd3GhpM0sF96avuGI7a/xrMNz7zC79XEXCrd1HIlYE4+bzcnXn
TxReDu1l56CLxlWozBV/dmPubtKMTZnQs0iH/oWs1I5YiIfQu69ozaFGJZfw8MBTbrivtue8EczM
PPo=
=FVpm
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7469-4
April 30, 2025

h2o vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

H2O could be made to crash if it received specially crafted network
traffic.

Software Description:
- h2o: an optimized HTTP server with support for HTTP/1.x, HTTP/2, and HTTP/3

Details:

USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update
provides the corresponding updates for H2O.

Original advisory details:

 It was discovered that Apache Traffic Server exhibited poor server
 resource management in its HTTP/2 protocol. An attacker could possibly
 use this issue to cause Apache Traffic Server to crash, resulting in
 a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  h2o                             2.2.4+dfsg-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libh2o0.13                      2.2.4+dfsg-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

After a standard system update you need to restart H2O to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-7469-4
https://ubuntu.com/security/notices/USN-7469-3
https://ubuntu.com/security/notices/USN-7469-2
https://ubuntu.com/security/notices/USN-7469-1
  CVE-2023-44487

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)