-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3475-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk June 30, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : trafficserver Version : 8.1.7-0+deb10u1 CVE ID : CVE-2022-47184 CVE-2023-30631 CVE-2023-33933 Debian Bug : 1038248 Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. CVE-2022-47184 The TRACE method can be used to disclose network information. CVE-2023-30631 Configuration option to block the PUSH method in ATS didn't work.< CVE-2023-33933 s3_auth plugin problem with hash calculation. For Debian 10 buster, these problems have been fixed in version 8.1.7-0+deb10u1. We recommend that you upgrade your trafficserver packages. For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmSeEncACgkQiNJCh6LY mLEplg/7BHuPeRC3Bd32PVvFLE9saV4LJpXVUBNH9RYT6cHbByzFMkrxZ8xAbZQD X7aKZAMQ6/v00fKl9YkPt2qh0D9t3WdFH8Pf1sCy0CP4JzbDItgYaqNtWUTOAgkb ikeckqwpxLth3PyL7yCzkrQfIQrUs1eoHMwGfTxinvadC3uXW3FvUzzBGuHQfp5/ wPlx4yVl/q5yS+Ylu8Vrb6tyTeTHx+/ihrzX5VM1HL+FEhHjob28l2ywKXfca0eX GYjJVH6Q5umFI1aOOGAHtA1Vz+DsjGmw2JxjbVOsOpm2z9TuZMyIxoUd7fLhptdg oCar3nlVPUbOzSrsuiLKy9sHH8Mj0CeczeRIAq4knrndaafRPrRNqhpdmMAJbwXU jvNZHSp4Q0Gc5mU+2SYCuUY3MToAiwqt6F1bn7LyT4MUhBnfORm4hS+55ELdIySH MsVllqRoMcWaNebzyufcmRTJbW/CXpAab4gak1NKMQoVCDnqY8495zkNh1EX1j7g vIgBCU0XWhyt/n6tpPYnFpSdyU90FaeuQbw1v/jFOYjvlcVARmpa09Z9iidrnE4T KbEX9euckCVMvPPJt+GVLM2oEVK8XqP0dUc/5rHGkOuedFYOnqQYqLUI8OJ0EGdY nTvgFctIk9decFqJre/Z3O63H0tm27kIupcmnOQUlnF228+4Qk8= =Y4Ee -----END PGP SIGNATURE-----