• [SECURITY] [DSA 5758-1] trafficserver security update

    From Moritz Muehlenhoff@21:1/5 to All on Mon Aug 26 09:10:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5758-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 26, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : trafficserver
    CVE ID : CVE-2023-38522 CVE-2024-35161 CVE-2024-35296

    Several vulnerabilities were discovered in Apache Traffic Server,
    a reverse and forward proxy server, which could result in denial
    of service or request smuggling.

    For the stable distribution (bookworm), these problems have been fixed in version 9.2.5+ds-0+deb12u1.

    We recommend that you upgrade your trafficserver packages.

    For the detailed security status of trafficserver please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbMKBEACgkQEMKTtsN8 TjZOnw/+JNcO3mLjDjMwWUBfg7w/jCN8tIKJjAGs1bPzJ+QTOs4yy+47wWtAeJ5c Q3PrzETcXLNxFKAI+ii+Tq9DetvvgJYzm2Qxm9xeNJuhjMnUs226Om8VawTH8yL4 ijKuZZlEBCAoUTi5+ROQ6H+TDQ3KJIt/xiQp9JuDYPGBbNsyoEl+eOdmVRZTroBo heMsrvCMLneLV5kmr1IpIJfJgXvnuR57idyHAry9GOJ0xaMRdohE6oYqWuG+DeF3 1fr10jbSgX9M+tUtw1t7sFtoHjXlf3ez8fTOQ/aa+4idHtPd4GBkfDCKb+Bnoazg uuG9esu8RmfZisOFYQX4O3Bgi8KSM0Ir5Mv9sOkvy95Iqd1dJ2kjHFlvgbzzbATF aSMlj/lUwG2ALq2hoZ4IfuwLKr0hTguHtKTcralE7w+8+pbzMPzULXUw8vPIFGHq VKS0S6XzXHuFchyhfKJFXuUD4uAjijVPzCAMyvlIH98hBfRSbzOP1dwRrHN7YVk4 fmkf6yjQ5hB/ecXFCQkXJUXOJNwm41sMpZUkdywFh1iFnV6Hl3We3JD0wdjURReY 4ZzGR2PkgWQN56UvkzF4xq8VmtBZ3lTSHH6kmmlgpmBFgtdWhnvl/3Jp4dfO3uh5 2Lt5vf01Ae4jkT+93uaMtDlr8YBEr2JHLEWCA3ZRC4ux3mnGRN8=
    =Q6vb
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)