• [SECURITY] [DSA 5311-1] trafficserver security update

    From Moritz Muehlenhoff@21:1/5 to All on Sun Jan 8 20:00:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5311-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : trafficserver
    CVE ID : CVE-2022-32749 CVE-2022-37392

    Several vulnerabilities were discovered in Apache Traffic Server, a
    reverse and forward proxy server, which could result in HTTP request
    smuggling, cache poisoning or denial of service.

    For the stable distribution (bullseye), these problems have been fixed in version 8.1.6+ds-1~deb11u1.

    We recommend that you upgrade your trafficserver packages.

    For the detailed security status of trafficserver please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmO7EQsACgkQEMKTtsN8 Tjbf8BAApaDgFV524mL1OJLZOkA4WV6FcPWkw90S2+WeG5suWTzmO0UozDuhjcyx S46DqrccqfioPYQHaDJlHD0XGg51+2mAn8QbIuk4k7F0llOmsWaR+JeEea8OfC1/ L5etnxKO1xbE0GMItSOXsbDZy8E529Hnw6xRykLkbiHK/M+fWWRXh7dY37Rq3SQi oSno6HvAeKcKaRxzH/GaSa3UZWxoG6N8HaNd1HoIU1p3A/6uM0Sb1/eqSQZZXo7t 7JZiBQyP3Zr42bQECmrpuk9ugX/eLx1WOgaQQ3npJ/VcS3viGXQ3ONFbVEDIOkYC 2N6f+tMNJoRjv1K47DYjiDn3n7rJ7XEY6FQ1ZoWtdVTDKtvbupPhgLlz+ichUAgE qawJquMnl9hRPEP70/v8ozmHrNm98hRF86v0J7AkUHbvN1zt4XH4Fnn0C4rqVf2/ ml4PkqooSkxNqoRWVRnZhEC2T8iDNICRMFkNyd63MS3EUayYR8dVw4P+OBL3J19W hAq/9m8uQHYY7DG3+436YaSuMxkrGdBDUP6u6/wdaj3CZPX8H0Adq6I9k56snBC2 qydyyudefP1VLiqQqs0KWCs1xuH9lU+pjf30at5iY65xOR49KFEB4YJ38lkSpeRR TByaB/aM85Nuc4VjHcHPf1Vg9nPMV4GLdGjh4cmhtbHRpV8LDRM=
    =LHcX
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)