[SECURITY] [DLA 3645-1] trafficserver security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3645-1] trafficserver security update
From: Adrian Bunk <bunk@debian.org>
Date: Sun, 5 Nov 2023 23:50:50 +0200
Message-id: <[🔎] ZUgOOgCZ1vVAl9Z5@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3645-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
November 05, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : trafficserver
Version        : 8.1.7-0+deb10u3
CVE ID         : CVE-2023-41752 CVE-2023-44487
Debian Bug     : 1054427

Two vulnerabilities were fixed in Apache Traffic Server,
a reverse and forward proxy server.

CVE-2023-41752

    s3_auth plugin exposes AWSAccessKeyId

CVE-2023-44487

    HTTP/2 Rapid Reset denial of service

For Debian 10 buster, these problems have been fixed in version 8.1.7-0+deb10u3.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmVIDjkACgkQiNJCh6LY
mLEKohAAtx3YoqeYkdky8CbG4ugl6ToAqEF9EuoKa7IgCIKZL2qUZKrg+DYcweNS
yiRN1nV57xXUH1qHLQC9HUrWJSyOrZZsNToSDS67PZ7kyAoYBmc8REK0x8HhKTTW
3e93vVZd30N2F03WvLEpUHE612FkDjeQDivcxZosV0ku4ssnAWM14nEPoHJlT45G
V4gptaAGPgrpj6cBDpS2Rdgc6xwt383PXav8saUoaFnG+NZI4CYmy8tvHu14X6fD
R64thdudmrYk2mKnT6SBFrDAoseBDJs6L8YxBu0CCFGF5lOiYKmkZUBNxxeY+uW7
smjds4URS5A1jG4+NBH+U0ZcKGUP880sLWBHBdeyAFFXwn7InhzJEjkPi37d2Yge
bOOFHj+kD6gbMm+SgRg6QZvdiZIxmavFnQPUPGKi9y3xufelQ6gdCV8kXRt/wR4b
ZnaPK2HNrzcNKquLlznn81G3ESbuHZXCmpPDZ0mha10nPe7xDTw60dHUe0Azg1if
J5gAW0Q7QKocuk2kGFRiH6gszMx8CKVIzA2aJfide+a08M0+nXEyHYSp9o/kP9FQ
EGDIwC5TtM+qnlzRDjoNjN1sa2sMMXgOpC47gvXW4LA23ps3mFMS30Te7VIdnRK/
vA4SbzWBl2R/OXuBNZv28ENL1uGwVCtaN6wqKaBKt9HusqRxUUA=
=pSKR
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3644-1] phppgadmin security update
Next by Date: [SECURITY] [DLA 3646-1] open-vm-tools security update
Previous by thread: [SECURITY] [DLA 3644-1] phppgadmin security update
Next by thread: [SECURITY] [DLA 3646-1] open-vm-tools security update
Index(es):
- Date
- Thread