April 2, 2026
Undertow in Ubuntu allows unintended session access over the network, requiring immediate updates to mitigate risk.

Summary

Undertow would allow unintended access to user sessions over the network.

Software Description:

- undertow: Java web server based on non-blocking IO

Details:

It was discovered that Undertow incorrectly validated the Host header in
incoming HTTP requests. A remote attacker could possibly use this issue
to gain unintended access to user sessions.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libundertow-java                2.3.8-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libundertow-java                2.2.16-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libundertow-java                2.0.29-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libundertow-java                1.4.23-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libundertow-java                1.3.16-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8144-1

CVE-2025-12543

Severity
important

Ubuntu Security Notice USN-8144-1
