[SECURITY] [DSA 6199-1] trafficserver security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6199-1] trafficserver security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 5 Apr 2026 20:47:47 +0000
Message-id: <[🔎] adLKc7oOT7Llsiz4@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6199-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 05, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : trafficserver
CVE ID         : CVE-2025-58136 CVE-2025-65114

Two vulnerabilities were discovered in Apache Traffic Server, a reverse
and forward proxy server, which could result in denial of service or
HTTP request smuggling.

For the oldstable distribution (bookworm), these problems have been fixed
in version 9.2.5+ds-0+deb12u4.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnSyjEACgkQEMKTtsN8
TjbGzg/8CWIKOce8ndWRF8khLwdzmlBK3TJijIASEeW6P5+vJ0pXe42h1vaPVex2
Ko+PIiBLLg4qeqXkiNaTAAcTX0NI9YqcqMjhqIShDb/sNyHLf/8ms+OzeVFSEted
8Bu6VR5pf+lBgOOKh5x5wyRPzSOnBfQzp38fDrT3b9IqWLqrABh9czE5qZi0uPod
NVkjmB0sV+agLi+9hRV/aQvvYvfFkmaJM6wD5Qt0iYfi+tRhSt8N2Gjaw4LSgQSn
Fj8JIRzxT2JWyGUHmz38L5Uxz4E9iKRpFai7/Ma8TIBrA8LzTZ7V4Wfee/sGWZpj
X8gMkCcPiBBgpZN3mZtfOHjPzEFKLC18rRLpBE8+hM16lSaSA6eXpUEiRu7GF1XI
itrEq3100Lf3P0psmxbe+FQNvnFhOlcnIFEsUTvbViMGzWyo1Q0MmvknovNBrhxy
b99WGuVywltlerv7i/fGRRi3ADswSdobvQDZogsENEc1jvwqbH/ysN6u25XoS5rA
BhDpTiAXaIW5i89Xv8oldTQLHZjQZ/FPN72X3hpI1zawyh5c2hpSVm6OoVySyVtb
TfNTNWEbG0pPKqJMghb5G607xgIIdNOtbOEhqTDtVgCL+z65qBlOoHwAL90+oH91
27rzUuAAlv0k+YsPIrtY+/Jpvgtl039XbUsKYV2JvKzzaUQYq+8=
=2rXJ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6198-1] valkey security update
Next by Date: [SECURITY] [DSA 6200-1] tor security update
Previous by thread: [SECURITY] [DSA 6198-1] valkey security update
Next by thread: [SECURITY] [DSA 6200-1] tor security update
Index(es):
- Date
- Thread