it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5435-2] trafficserver security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5435-2] trafficserver security update
Date: Thu, 22 Jun 2023 18:03:01 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/ZJSM1fby7yJjQr02 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=XnWiT8zQWNr9BUFRXt2Zmz8cnGAS6ccSfytc1Tbc6uY=; b=Cb iZSunm7/QVV5KDlQQRMG5qwDbRoRkxxfxWm1iG+iGAnNP0LD2TZl9Qh6seLyULNE1jmJ6MA/ZrRoY H6GvB/Y/luoAYth2/Q2CPRZsUr2lLvXQck61ml+rAS6NfTL0YrojoM8KNhPYsQppETa2T+QY/M3ba NxM0RMKZKoA4EKHJfGMSsu4c7smfFuMvw7xRx/rsWXT23Y0XJr8Gl4A5c7ghIJEI7giOXZrCJPiLs UqqUG3UFrZ7wzCOB5M4M6a08K9AP8ix7yU44/HDIeGpY1T0w7rH9/DMAOpj+5rYd3v2IEXdxfENiU uK78iANp5nh2ueeplK/JkMRtVg/ouI1A==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Thu, 22 Jun 2023 18:03:37 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <OyJ2h44YCvO.A.8dE.5zIlkB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5435-2 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 22, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : trafficserver
CVE ID : CVE-2022-47184 CVE-2023-30631 CVE-2023-33933
Debian Bug : 1038248

Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in information
disclosure or denial of service.

For the stable distribution (bookworm), these problems have been fixed in
version 9.2.0+ds-2+deb12u1. This is a no change rebuild of the update
from DSA-5435-1 with a corrected version number.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSUjFIACgkQEMKTtsN8
TjZ6Gw/8Ctomm+O4LFVSFL9LYqZs+9OzgKfPuufd4Py5Uv6v9U2pfAChExie8yRc
alUMBU0oM4u4VMH47w/lLK0H5wAoZgBSnbv8IcT9MSAUQRCXkntDe96WQr+dPqqz
CsEQ1NMy7KEEgql9RmgWZT7e9/X7PWDXQonlNRlKaQ50nsspQnF0StllXJpldfhc
xbs5dhVdWbhgTQFTACM1li4vWg/yXs3GiwXle8gyCZCzk2rV/4F+LcBWghn0Tkci
CksG3Nk8LW5ySgkWBy6vhpLvVLxvc4yoJW2CJelcxZ0b/7VbiqVAy+i9sP1DtAWa
EUUxcU2vRTBmyMYXNQBF4t2mLe7ZbqtbZjsxfhTApzGCSjNc/wCyAcTMDL1sHA5d
2MduoF9afAJAuMEz1LHtdqNbZyqubx5GhNIlnvI20uUZAZtHPrzaL1JearET0JGg
mkj+HQM8tw4s6B2eGeYgV7Enh+2nyVUrmuVtL36dOmrNKpENCLXGElGw0/aMUwLZ
O6bUARH4a9JcLK0FcFjwzeiJzQOk4SX3r0r1rnYhD2DWJzToVMkvj/MezDCnBTiE
shrOqnJJhsU3o9gkNPFwbzh06oOUKbd7F4h8Hk6IuWJL+Shj+t2kopBW/9p0ToAQ
Ch/caXXHKV9w5BtqJljRFlG+s71yHELqDAN5ZLfVOg/1TYtaTFE=
=URci
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5435-2] trafficserver security update, Moritz Muehlenhoff, 22.06.2023

Archiv bereitgestellt durch MHonArc 2.6.24.