H2O could be made to crash if it received specially crafted network
traffic.
Software Description:
- h2o: an optimized HTTP server with support for HTTP/1.x, HTTP/2, and HTTP/3
Details:
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update
provides the corresponding updates for H2O.
Original advisory details:
It was discovered that Apache Traffic Server exhibited poor server
resource management in its HTTP/2 protocol. An attacker could possibly
use this issue to cause Apache Traffic Server to crash, resulting in
a denial of service.
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS h2o 2.2.4+dfsg-1ubuntu0.1~esm2 Available with Ubuntu Pro libh2o0.13 2.2.4+dfsg-1ubuntu0.1~esm2 Available with Ubuntu Pro After a standard system update you need to restart H2O to make all the necessary changes.
https://ubuntu.com/security/notices/USN-7469-4
https://ubuntu.com/security/notices/USN-7469-3
https://ubuntu.com/security/notices/USN-7469-2
https://ubuntu.com/security/notices/USN-7469-1
CVE-2023-44487
Get the latest Linux and open source security news straight to your inbox.