1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5896-1] trafficserver security update

    From Moritz Muehlenhoff@21:1/5 to All on Sat Apr 5 15:20:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5896-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff
    April 05, 2025 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : trafficserver
    CVE ID : CVE-2024-38311 CVE-2024-38479 CVE-2024-50305
    CVE-2024-50306 CVE-2024-56195 CVE-2024-56202

    Several vulnerabilities were discovered in Apache Traffic Server, a
    reverse and forward proxy server, which could result in denial of
    service, HTTP request smuggling, cache poisoning or incomplete
    dropping of privileges.

    For the stable distribution (bookworm), these problems have been fixed in version 9.2.5+ds-0+deb12u2.

    We recommend that you upgrade your trafficserver packages.

    For the detailed security status of trafficserver please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmfxKmAACgkQEMKTtsN8 TjaSxQ//f9Ds629Hilg39oIMYi16uHiubanaoBZU4VmbPz9zoTB8sbxHmheizdfQ pqftK5Qw5nb1PixxL5AOosYWXPduddPRFdidWNdCCS+zyfTkSotiDvTMTV6pGyZL lvYpF4HxryDJf47w7WgaMoJHesxkQ0WCLIvnxfhC+h0ufcdCr0oAkStd80LzNrMa +nQi2zHaAm0EWK2XFBMaBzfhk0EL2qHVDgFkxEYSfEYUMeWQORBm/xj798sEjM0h e6y1goz9QG4+nNzuBWN/Tho6xl08jUoFIdUxLaRmauF6AhXF9YPcQLEpbrbVNk/z DzmKrw+g5YcBbUFfj0UbbdDUFP3RYtu7hYlGRQGbWO6EBqXg/nHjmluMnfncCbkL JR8y7IIOAuNmK5PFZvC3XA4lyiOawAD1iutfHnR/b5KkkkzK8sZK38tLbLst/Gbf 7w2uzm1mE1i850tlqyOOf79G+WlVrqclNsqr3f3FCnZQsJHyNhJixYNAVw1POkPq yRsoeqap28VZbNqLaTS4wJ0lxjLCfUs6lWjyihSbO43o9US+JR6v6lXJeMLOuunz nAX/+ul9d6HYXcyUKDJXBfLMKHXSBSLPgUxt76LBXXaHcCdOFTKp3UJcGrM+xSVI 6G/2vj2bnSqP1/DRRRcMXXhTzv9bYDj953rrtx68sSJJ9OhNdNI=
    =j/9L
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)