Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 38 Trafficserver 9.2.1 Critical: Multiple Security Risks Addressed

fedora
Calendar Grey June 23, 2023
Dist Fedora Esm H88
The Trafficserver version 9.2.1 upgrade for Fedora 38 tackles a range of security vulnerabilities while enhancing performance and stability.
Update to upstream 9.2.1; resolves CVE-2022-47184, CVE-2023-30631, CVE-2023-33933

Summary

Traffic Server is a high-performance building block for cloud services.

It's more than just a caching proxy server; it also has support for

plugins to build large scale web applications. Key features:

Caching - Improve your response time, while reducing server load and

bandwidth needs by caching and reusing frequently-requested web pages,

images, and web service calls.

Proxying - Easily add keep-alive, filter or anonymize content

requests, or add load balancing by adding a proxy layer.

Fast - Scales well on modern SMP hardware, handling 10s of thousands

of requests per second.

Extensible - APIs to write your own plug-ins to do anything from

modifying HTTP headers to handling ESI requests to writing your own

cache algorithm.

Proven - Handling over 400TB a day at Yahoo! both as forward and

reverse proxies, Apache Traffic Server is battle hardened.

Update to upstream 9.2.1; resolves CVE-2022-47184, CVE-2023-30631,

CVE-2023-33933

* Tue Jun 13 2023 Jered Floyd 9.2.1-1

- Update to upstream 9.2.1

[ 1 ] Bug #2213425 - trafficserver-9.2.1 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2213425

[ 2 ] Bug #2214994 - CVE-2022-47184 trafficserver: The TRACE method can be used to disclose network information [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2214994

[ 3 ] Bug #2214998 - CVE-2023-30631 trafficserver: Configuration option to block the PUSH method in ATS didn't work [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2214998

[ 4 ] Bug #2215002 - CVE-2023-33933 trafficserver: s3_auth plugin problem with hash calculation [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2215002

su -c 'dnf upgrade --advisory FEDORA-2023-2e6bead58b' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory Fedora security fix critical update performance improvement Trafficserver

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 38
Version: 9.2.1
Release: 1.fc38
URL: https://trafficserver.apache.org/
Summary: Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server

Topics%20covered

Topics Covered

security advisory Fedora security fix critical update performance improvement Trafficserver

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here