
Ubuntu alert USN-7814-1 (libhtp)

From:  noreply+usn-bot@canonical.com
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-7814-1] LibHTP vulnerabilities
Date:  Thu, 09 Oct 2025 22:20:06 +0000
Message-ID:  <E1v6yzW-00010A-9L@lists.ubuntu.com>

==========================================================================
Ubuntu Security Notice USN-7814-1
October 09, 2025

libhtp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in LibHTP.

Software Description:
- libhtp: Security-aware parser for the HTTP protocol

Details:

It was discovered that LibHTP did not correctly handle certain HTTP
headers. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-23837)

It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-28871)

It was discovered that LibHTP did not correctly parse certain HTTP
requests. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2024-45797)

It was discovered that LibHTP did not correctly handle certain memory
operations. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2025-53537)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libhtp-dev                      1:0.5.49-1ubuntu0.1
  libhtp2                         1:0.5.49-1ubuntu0.1

Ubuntu 24.04 LTS
  libhtp-dev                      1:0.5.46-1ubuntu2+esm1
                                  Available with Ubuntu Pro
  libhtp2                         1:0.5.46-1ubuntu2+esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libhtp-dev                      1:0.5.39-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libhtp2                         1:0.5.39-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libhtp-dev                      1:0.5.32-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libhtp2                         1:0.5.32-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libhtp-dev                      1:0.5.26-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libhtp2                         1:0.5.26-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libhtp-dev                      0.5.15-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libhtp1                         0.5.15-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7814-1
  CVE-2024-23837, CVE-2024-28871, CVE-2024-45797, CVE-2025-53537

Package Information:
  https://launchpad.net/ubuntu/+source/libhtp/1:0.5.49-1ubu...


Attachment: signature.asc (type=application/pgp-signature)





Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds