it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 4805-1] trafficserver security update
- Date: Mon, 7 Dec 2020 21:37:53 +0000
- List-archive: https://lists.debian.org/msgid-search/20201207213753.GA9294 AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=YHkhqSJ0C2K6ZdDSpVwuZNdCaJ66TGUJZC8ycDNew34=; b=Ng hxPFssbSdrOgY1Z1MjPZn/S9wzHQMmmjBfbJR/1FGK9i+TWH0o1IXtX6csGeKLGDH7/SRzE/VKJHL ndR0oeKpR+SwCYsLFGWQYrVCOUvMelDles05nWewWJXR6z6JA8pPmORWcYjs6rF+tvWls7suRD9rA IJjtslLtWdu8Rj7pjIQ1N2C8wxmQVGb7qNsCmUML4nRQIuLbkQ2cVQkgDKfBpocazIjVYpP/8FZb3 n7vHZcRUkk+67zsPajLN9hicujdXwjJIky8UfMbRGRyXgQKoPj+lPo9XrUocQbNH+WCNyKWko/3Qz i+Kzk0wTYB/nf4169KuJMOVb03eYJtTw==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Mon, 7 Dec 2020 21:38:10 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <PY0sqc38IvO.A.yaF.CDqzfB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4805-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 07, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : trafficserver
CVE ID : CVE-2020-17508 CVE-2020-17509
Two vulnerabilities were discovered in Apache Traffic Server, a reverse
and forward proxy server:
CVE-2020-17508
The ESI plugin was vulnerable to memory disclosure.
CVE-2020-17509
The negative cache option was vulnerable to cache poisoning.
For the stable distribution (buster), these problems have been fixed in
version 8.0.2+ds-1+deb10u4.
We recommend that you upgrade your trafficserver packages.
For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/OoCEACgkQEMKTtsN8
TjYceQ/+MyOmeCR1pqHeUoXovPjZWLE6eGLZdHLqCM3MQmOpYwuXXtjNSe9ViNdy
ZWvdJbmZZ9QPPhVO+oxb4teodAUxT7/J/AMxQxlYbQFY8MQrTGvxb1ef22B7UafT
c4tz9K5oTRrFzR385Zu0EZe7Eq8mRPOlhjVqLyeH1Xndf/QtN9H5k6dx4FtUiGCJ
B4K7lRnrvJMYlGv7HJvcPTFxRKSiiwkS5JgcuY+vUtgWWB5mNwa+8v29j2QG9VQC
N+eqV+JMvJ74ettqWkHk+OLOqbh5Txb6Az5I6TceDacdaVvlNcPF6x79IkwOZOXu
sNwFKlQ5qyMf8KFEXD7YeJ5wrrlXD1e12cYZM+ICFEVdHC0VIJPJ5Kxp/ykjIE0C
dznfbObWt7Rp9m+QLW2eVjOwUWBUV8E1ZMp5JCUjArmHuHAjvmG3bmYSjqwMtB4n
JEUDMa/L23WoAZWhbXC6bZCjpBXwlUKJ9687Ff41VxRnDeCsmywX+8JQeNwO5GQj
UPq8+nNS+cerl4WMw5QBKIGB3nRPEroy0dlya1/DthnjzE9tglZYhMUBfRoT1rjy
NsJdMFeEUYJUe2tl4se8oOj0UOxYC7vmMkyfIa5s9ckODhJ4Vj4GYdJOWULJ5JMf
9fsx32s7xWAQFvgoBAOsTdvJIZ4URZ4ueLzRzMYQZP1bKxvU7jc=
=VWdK
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 4805-1] trafficserver security update, Moritz Muehlenhoff, 07.12.2020
Archiv bereitgestellt durch MHonArc 2.6.19.