Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 18.04 H2O USN-7469-4 critical: DoS from crafted traffic

ubuntu
Calendar Grey April 30, 2025
Dist Ubuntu Esm H88
H2O server vulnerabilities may be exploited via tailored payloads; ensure you patch your Ubuntu 20.04 LTS installation immediately for optimal protection.
H2O could be made to crash if it received specially crafted network traffic.

Summary

H2O could be made to crash if it received specially crafted network

traffic.

Software Description:

- h2o: an optimized HTTP server with support for HTTP/1.x, HTTP/2, and HTTP/3

Details:

USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update

provides the corresponding updates for H2O.

Original advisory details:

 It was discovered that Apache Traffic Server exhibited poor server

 resource management in its HTTP/2 protocol. An attacker could possibly

 use this issue to cause Apache Traffic Server to crash, resulting in

 a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
   h2o                             2.2.4+dfsg-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro
   libh2o0.13                      2.2.4+dfsg-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro

After a standard system update you need to restart H2O to make all the
necessary changes.

References

https://ubuntu.com/security/notices/USN-7469-4

https://ubuntu.com/security/notices/USN-7469-3

https://ubuntu.com/security/notices/USN-7469-2

https://ubuntu.com/security/notices/USN-7469-1

  CVE-2023-44487

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7469-4

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here