Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Fedora 22: FEDORA-2016-20456 Crucial: Trafficserver File Permissions Flaw

fedora
Calendar Grey July 3, 2015
Scroller Fedora
Details of the trafficserver security update for Fedora reveals file permissions flaw essential for patching.
https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x

Summary

Apache Traffic Server is a fast, scalable and extensible HTTP/1.1 compliant

caching proxy server.

Update Information:

https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x

Change Log

* Sun Jun 21 2015 Peter Robinson 5.3.0-1 - Update to 5.3.0 LTS release - Build on aarch64 and power64 - Split perl bindings to sub package - Cleanup and modernise spec * Fri Jun 19 2015 Fedora Release Engineering - 5.0.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Sat May 2 2015 Kalev Lember - 5.0.1-3 - Rebuilt for GCC 5 C++11 ABI change * Mon Jan 26 2015 Petr Machata - 5.0.1-2 - Rebuild for boost 1.57.0

References


[ 1 ] Bug #1102559 - Add AArch64 support to trafficserver https://bugzilla.redhat.com/show_bug.cgi?id=1102559 [ 2 ] Bug #1103173 - trafficserver: insecure temporary file usage [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1103173 [ 3 ] Bug #1179204 - trafficserver: incorrect handling of "Max-Forwards" header [fedora-21] https://bugzilla.redhat.com/show_bug.cgi?id=1179204 [ 4 ] Bug #1103174 - trafficserver: insecure temporary file usage [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1103174 [ 5 ] Bug #1133387 - CVE-2014-3525 trafficserver: unspecified flaw related to health checks fixed in versions 4.2.1.1 and 5.0.1 [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1133387 [ 6 ] Bug #1179205 - trafficserver: incorrect handling of "Max-Forwards" header [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1179205 [ 7 ] Bug #994224 - trafficserver must be compiled with -fno-strict-aliasing, but it is not ...

Read the Full Advisory

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update trafficserver' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: trafficserver
Product: Fedora 21
Version: 5.3.0
Release: 1.fc21
Summary: Fast, scalable and extensible HTTP/1.1 compliant caching proxy server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.