it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5311-1] trafficserver security update
- Date: Sun, 8 Jan 2023 18:57:53 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; dmarc=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"
- List-archive: https://lists.debian.org/msgid-search/Y7sSMYzbQDW9XmtB AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=tYgOnsgboiQoS27AboAKwp9hKCydSuWajxZe3P3alWA=; b=tz iiEuzeOBJNoCeZcKboA/RNV5Jo9P4Thbh9n0MMRUn+VjlAs2WysB6JO1iaql0SgZXkWe0qRLR6Lxh urhOPpmqDcUfavA4HJ0gmnTb2og3BbO8lX8Iwm/0D/RMAKzLsavTLKXWgMmoFTknpgnWH75tZy/TG Rl95dDSUqwm6zRFwTvIWlRBKRIZ05LI09HmPPF3bvh1aJaoqTyeauDbSTmR+dnCKJdsLyXnwGS+Gk 4bIXuo1i4dHooY/MZzWxdKRmRT3t3XY/oiOqFYhpZZa3ERx/0ajmxtdm8pCM/NW+AOS/huSKnctf7 6t+64FWtRWo3DWExZgMuWt6CLbFyIirA==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Sun, 8 Jan 2023 18:58:27 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <k62aIxGHpn.A.52B.TJxujB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5311-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 08, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : trafficserver
CVE ID : CVE-2022-32749 CVE-2022-37392
Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in HTTP request
smuggling, cache poisoning or denial of service.
For the stable distribution (bullseye), these problems have been fixed in
version 8.1.6+ds-1~deb11u1.
We recommend that you upgrade your trafficserver packages.
For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmO7EQsACgkQEMKTtsN8
Tjbf8BAApaDgFV524mL1OJLZOkA4WV6FcPWkw90S2+WeG5suWTzmO0UozDuhjcyx
S46DqrccqfioPYQHaDJlHD0XGg51+2mAn8QbIuk4k7F0llOmsWaR+JeEea8OfC1/
L5etnxKO1xbE0GMItSOXsbDZy8E529Hnw6xRykLkbiHK/M+fWWRXh7dY37Rq3SQi
oSno6HvAeKcKaRxzH/GaSa3UZWxoG6N8HaNd1HoIU1p3A/6uM0Sb1/eqSQZZXo7t
7JZiBQyP3Zr42bQECmrpuk9ugX/eLx1WOgaQQ3npJ/VcS3viGXQ3ONFbVEDIOkYC
2N6f+tMNJoRjv1K47DYjiDn3n7rJ7XEY6FQ1ZoWtdVTDKtvbupPhgLlz+ichUAgE
qawJquMnl9hRPEP70/v8ozmHrNm98hRF86v0J7AkUHbvN1zt4XH4Fnn0C4rqVf2/
ml4PkqooSkxNqoRWVRnZhEC2T8iDNICRMFkNyd63MS3EUayYR8dVw4P+OBL3J19W
hAq/9m8uQHYY7DG3+436YaSuMxkrGdBDUP6u6/wdaj3CZPX8H0Adq6I9k56snBC2
qydyyudefP1VLiqQqs0KWCs1xuH9lU+pjf30at5iY65xOR49KFEB4YJ38lkSpeRR
TByaB/aM85Nuc4VjHcHPf1Vg9nPMV4GLdGjh4cmhtbHRpV8LDRM=
=LHcX
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5311-1] trafficserver security update, Moritz Muehlenhoff, 08.01.2023
Archiv bereitgestellt durch MHonArc 2.6.24.