==========================================================================
Ubuntu Security Notice USN-7469-4
April 30, 2025

h2o vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

H2O could be made to crash if it received specially crafted network
traffic.

Software Description:
- h2o: an optimized HTTP server with support for HTTP/1.x, HTTP/2, and HTTP/3

Details:

USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update
provides the corresponding updates for H2O.

Original advisory details:

 It was discovered that Apache Traffic Server exhibited poor server
 resource management in its HTTP/2 protocol. An attacker could possibly
 use this issue to cause Apache Traffic Server to crash, resulting in
 a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  h2o                             2.2.4+dfsg-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libh2o0.13                      2.2.4+dfsg-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

After a standard system update you need to restart H2O to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-7469-4
https://ubuntu.com/security/notices/USN-7469-3
https://ubuntu.com/security/notices/USN-7469-2
https://ubuntu.com/security/notices/USN-7469-1
  CVE-2023-44487