Apache Tomcat could be made to crash if it received specially crafted
network traffic.
Software Description:
- tomcat8: Servlet and JSP engine
Details:
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This
update provides the corresponding updates for Apache Tomcat.
Original advisory details:
It was discovered that Apache Traffic Server exhibited poor server
resource management in its HTTP/2 protocol. An attacker could possibly
use this issue to cause Apache Traffic Server to crash, resulting in
a denial of service.
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS libtomcat8-embed-java 8.5.39-1ubuntu1~18.04.3+esm4 Available with Ubuntu Pro libtomcat8-java 8.5.39-1ubuntu1~18.04.3+esm4 Available with Ubuntu Pro tomcat8 8.5.39-1ubuntu1~18.04.3+esm4 Available with Ubuntu Pro After a standard system update you need to restart Apache Tomcat to make all the necessary changes.
https://ubuntu.com/security/notices/USN-7469-2
https://ubuntu.com/security/notices/USN-7469-1
CVE-2023-44487
Get the latest Linux and open source security news straight to your inbox.