Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 22.04: USN-7469-1 critical: Apache Traffic Server DoS

ubuntu
Calendar Grey April 28, 2025
Dist Ubuntu Esm H88
Ubuntu users running Apache Traffic Server are advised to apply the latest updates. Vulnerabilities have been identified that may lead to crashes when handling maliciously crafted traffic.
Apache Traffic Server could be made to crash if it received specially crafted network traffic.

Summary

Apache Traffic Server could be made to crash if it received specially

crafted network traffic.

Software Description:

- trafficserver: fast, scalable and extensible HTTP/1.1 and HTTP/2.0

caching proxy

Details:

It was discovered that Apache Traffic Server exhibited poor server

resource management in its HTTP/2 protocol. An attacker could possibly

use this issue to cause Apache Traffic Server to crash, resulting in

a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   trafficserver                   9.1.1+ds-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   trafficserver-dev               9.1.1+ds-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   trafficserver                   8.0.5+ds-3ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   trafficserver-dev               8.0.5+ds-3ubuntu0.1~esm1
                                   Available with Ubuntu Pro

After a standard system update you need to restart Apache Traffic Server
to make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7469-1

  CVE-2023-44487

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7469-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here