Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Fedora 44 Traffic Server Critical DoS Issues 2026-7839a46d9d

fedora
Calendar Grey April 25, 2026
Dist Fedora Esm H88
Address critical vulnerabilities in Fedora Traffic Server impacting stability and service integrity with recommended updates.
Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling Changes with Apache Traffic Serv...

Summary

Traffic Server is a high-performance building block for cloud services.

It's more than just a caching proxy server; it also has support for

plugins to build large scale web applications. Key features:

Caching - Improve your response time, while reducing server load and

bandwidth needs by caching and reusing frequently-requested web pages,

images, and web service calls.

Proxying - Easily add keep-alive, filter or anonymize content

requests, or add load balancing by adding a proxy layer.

Fast - Scales well on modern SMP hardware, handling 10s of thousands

of requests per second.

Extensible - APIs to write your own plug-ins to do anything from

modifying HTTP headers to handling ESI requests to writing your own

cache algorithm.

Proven - Handling over 400TB a day at Yahoo! both as forward and

reverse proxies, Apache Traffic Server is battle hardened.

Update Information:

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.

Topics%20covered

Topics Covered

security advisory fedora DoS request smuggling CVE traffic server

Change Log

* Thu Apr 2 2026 Jered Floyd - 10.1.2-1 - Update to upstream 10.1.2

References


[ 1 ] Bug #2453244 - trafficserver-10.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2453244 [ 2 ] Bug #2454965 - CVE-2025-58136 trafficserver: Apache Traffic Server: Denial of Service via POST request handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454965 [ 3 ] Bug #2454966 - CVE-2025-65114 trafficserver: Apache Traffic Server: Request smuggling due to malformed chunked messages [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2454966

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7839a46d9d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: trafficserver
Product: Fedora 44
Version: 10.1.2
Release: 1.fc44
URL: https://trafficserver.apache.org/
Summary: Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server

Topics%20covered

Topics Covered

security advisory fedora DoS request smuggling CVE traffic server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here