Fedora 39: trafficserver 2024-b1e16b4335 Security Advisory Updates
Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS)
Summary
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:
Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.
Proxying - Easily add keep-alive, filter or anonymize content
requests, or add load balancing by adding a proxy layer.
Fast - Scales well on modern SMP hardware, handling 10s of thousands
of requests per second.
Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own
cache algorithm.
Proven - Handling over 400TB a day at Yahoo! both as forward and
reverse proxies, Apache Traffic Server is battle hardened.
Update Information:
Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS)
Change Log
* Wed Apr 3 2024 Jered Floyd <jered@redhat.com> 9.2.4-1 - Update to upstream 9.2.4 - Resolves CVE-2024-31309 * Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.2.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
References
[ 1 ] Bug #2269627 - CVE-2024-31309 trafficserver: CONTINUATION frames DoS https://bugzilla.redhat.com/show_bug.cgi?id=2269627
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-b1e16b4335' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html