Home / mailings [USN-8050-1] Apache Traffic Server vulnerability
Posted on 18 February 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8050-1
February 18, 2026
trafficserver vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
trafficserver could be made to crash if it received specially crafted
input.
Software Description:
- trafficserver: fast, scalable and extensible HTTP/1.1 and HTTP/2.0 caching proxy
Details:
Masakazu Kitajo discovered that Apache Traffic Server did not properly
handle the Valid Host header field. An attacker could possibly use this
issue to cause a denial of service (DoS).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
trafficserver 9.2.5+ds-1ubuntu2.1
Ubuntu 24.04 LTS
trafficserver 9.2.3+ds-1+deb12u1ubuntu0.1
Ubuntu 22.04 LTS
trafficserver 9.1.1+ds-2ubuntu0.1
After a standard system update you need to restart Apache Traffic Server
to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8050-1
CVE-2024-50305
Package Information:
https://launchpad.net/ubuntu/+source/trafficserver/9.2.5+ds-1ubuntu2.1
https://launchpad.net/ubuntu/+source/trafficserver/9.2.3+ds-1+deb12u1ubuntu0.1
https://launchpad.net/ubuntu/+source/trafficserver/9.1.1+ds-2ubuntu0.1
--===============3013704646389068370==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
