Headline
Ubuntu Security Notice USN-7067-1
Ubuntu Security Notice 7067-1 - It was discovered that HAProxy did not properly limit the creation of new HTTP/2 streams. A remote attacker could possibly use this issue to cause HAProxy to consume excessive resources, leading to a denial of service.
==========================================================================Ubuntu Security Notice USN-7067-1October 14, 2024haproxy vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:HAProxy could be made to crash or run programs if it receivedspecially crafted network traffic.Software Description:- haproxy: fast and reliable load balancing reverse proxyDetails:It was discovered that HAProxy did not properly limit the creation of newHTTP/2 streams. A remote attacker could possibly use this issue to causeHAProxy to consume excessive resources, leading to a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS haproxy 1.8.8-1ubuntu0.13+esm3 Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-7067-1 CVE-2023-44487
Related news
Red Hat Security Advisory 2023-6022-01 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS). "The campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter," the web infrastructure
Ubuntu Security Notice 6438-2 - USN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix for [CVE-2023-36799] was incomplete. This update fixes the problem. Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-5896-01 - Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-6080-01 - Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5929-01 - An update for tomcat is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5840-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5767-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.
Cisco Talos is actively tracking the novel distributed denial-of-service (DDoS) attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflare’s blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future. CVE-2023-44487 CVE-2023-44487, a vulnerability in the
Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.