Fedora 36: trafficserver 2022-489ea47e69 | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-489ea47e69
2022-12-29 01:15:22.555047
--------------------------------------------------------------------------------

Name        : trafficserver
Product     : Fedora 36
Version     : 9.1.4
Release     : 1.fc36
URL         : https://trafficserver.apache.org/
Summary     : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications.  Key features:

Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.

Proxying - Easily add keep-alive, filter or anonymize content
requests, or add load balancing by adding a proxy layer.

Fast - Scales well on modern SMP hardware, handling 10s of thousands
of requests per second.

Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own
cache algorithm.

Proven - Handling over 400TB a day at Yahoo! both as forward and
reverse proxies, Apache Traffic Server is battle hardened.

--------------------------------------------------------------------------------
Update Information:

Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 19 2022 Jered Floyd  9.1.4-1
- Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2154123 - trafficserver-9.1.4-rc0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2154123
  [ 2 ] Bug #2154896 - CVE-2022-32749 trafficserver: server crash under certain conditions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2154896
  [ 3 ] Bug #2154897 - CVE-2022-32749 trafficserver: server crash under certain conditions [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2154897
  [ 4 ] Bug #2154899 - CVE-2022-37392 trafficserver: ATS is vulnerable to smuggle, cache poison, and DOS attacks [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2154899
  [ 5 ] Bug #2154900 - CVE-2022-37392 trafficserver: ATS is vulnerable to smuggle, cache poison, and DOS attacks [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2154900
  [ 6 ] Bug #2154902 - CVE-2022-40743 trafficserver: Security issues with the xdebug plugin [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2154902
  [ 7 ] Bug #2154903 - CVE-2022-40743 trafficserver: Security issues with the xdebug plugin [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2154903
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-489ea47e69' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 36: trafficserver 2022-489ea47e69

December 29, 2022
Traffic Server is a high-performance building block for cloud services

Summary

Traffic Server is a high-performance building block for cloud services.

It's more than just a caching proxy server; it also has support for

plugins to build large scale web applications. Key features:

Caching - Improve your response time, while reducing server load and

bandwidth needs by caching and reusing frequently-requested web pages,

images, and web service calls.

Proxying - Easily add keep-alive, filter or anonymize content

requests, or add load balancing by adding a proxy layer.

Fast - Scales well on modern SMP hardware, handling 10s of thousands

of requests per second.

Extensible - APIs to write your own plug-ins to do anything from

modifying HTTP headers to handling ESI requests to writing your own

cache algorithm.

Proven - Handling over 400TB a day at Yahoo! both as forward and

reverse proxies, Apache Traffic Server is battle hardened.

Update Information:

Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743

Change Log

* Mon Dec 19 2022 Jered Floyd 9.1.4-1 - Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743

References

[ 1 ] Bug #2154123 - trafficserver-9.1.4-rc0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2154123 [ 2 ] Bug #2154896 - CVE-2022-32749 trafficserver: server crash under certain conditions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2154896 [ 3 ] Bug #2154897 - CVE-2022-32749 trafficserver: server crash under certain conditions [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2154897 [ 4 ] Bug #2154899 - CVE-2022-37392 trafficserver: ATS is vulnerable to smuggle, cache poison, and DOS attacks [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2154899 [ 5 ] Bug #2154900 - CVE-2022-37392 trafficserver: ATS is vulnerable to smuggle, cache poison, and DOS attacks [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2154900 [ 6 ] Bug #2154902 - CVE-2022-40743 trafficserver: Security issues with the xdebug plugin [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2154902 [ 7 ] Bug #2154903 - CVE-2022-40743 trafficserver: Security issues with the xdebug plugin [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2154903

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-489ea47e69' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : trafficserver
Product : Fedora 36
Version : 9.1.4
Release : 1.fc36
URL : https://trafficserver.apache.org/
Summary : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server

Related News

14 Kubernetes and Cloud Security Challenges and How to Solve Them

Linux Kernel Use-After-Free Vuln Could lead to Privilege Escalation, Malware Attacks

MidnightBSD 3.0.1 Released With Security Fixes, rc.d Scripts Cleanup

Trend Micro Uncovers Yet Another X.Org Server Vulnerability: CVE-2023-1393

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy