[SECURITY] [DLA 3799-1] trafficserver security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3799-1] trafficserver security update
From: Adrian Bunk <bunk@debian.org>
Date: Sun, 28 Apr 2024 23:55:45 +0300
Message-id: <Zi630fyUK+UQju/c@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3799-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 28, 2024                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : trafficserver
Version        : 8.1.7-0+deb10u4
CVE ID         : CVE-2024-31309
Debian Bug     : 1068417

Potential DoS attacks have been fixed by rate limiting
HTTP/2 CONTINUATION frames in Apache Traffic Server,
an HTTP/1.1 and HTTP/2 compliant caching proxy server.

For Debian 10 buster, this problem has been fixed in version
8.1.7-0+deb10u4.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmYut80ACgkQiNJCh6LY
mLFovhAAzymlGS/QkzER/awJHZgw4h4KqpQwvUJ3kPAtwG55/NPcFnpRdQ2tVRMj
uMQpjm1XC5pC26gJRIrRDzr/KYFfU/OIYUXaQFb0OCSMxUT522KrWMxjH4ejaHle
uqU7iKtSxe7Rxc/Mkug3bwLzB482KnjpvYNJ5EXJHTDsTD9PSlPGelv0jOEL3ufz
KfFZR5dEnuMdRGXl6hUG2/TbqnYfPwSLU5fAz1cuF6haSRvf9FPKPi3+EP7T75y8
bqIRwzX954ujmrjRYpKS79JbOu+Av3U9mJrqVsidFSD1CgLTocO0CkN7P5WbON3p
ruvgyIXVPsISJcYZNe7kuboflOdm1y0eU3ZC2/xOTcIuVdNeUDsZzhxXJ9yZZK/5
/LE0kFBzi4A+Oi0YZxJzPa/dOc28JtWc+LLsgh02qGttdcOo4+PDHoC6KxI8m+hO
Nhg3l8ElKPSh+RN0yarpa30T0/9qGt52TSqcaqqsCv3ZREIuF7Gg3GhpKDYod0vn
Rk3JKnN38RWdw5gBNwtZLmA0k00HyWFQvzsJtp1qfHWEh4DevW95WlKflaDfZ6Y0
aHZN3NxlQAmi9OdORUA/owXJx6UX4D0oy4hUNpPKoPhDtNorFyOL2x8NF7tZeo0U
uBnL5oqkiXdnShd73ShkE/jiGlSqNt1SSwXeo5uEhWTxaFecmJQ=
=TLeM
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3798-1] zabbix security update
Next by Date: [SECURITY] [DLA 3800-1] ruby-rack security update
Previous by thread: [SECURITY] [DLA 3798-1] zabbix security update
Next by thread: [SECURITY] [DLA 3800-1] ruby-rack security update
Index(es):
- Date
- Thread