it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5948-1] trafficserver security update
- Date: Tue, 24 Jun 2025 19:43:51 +0000
- Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/aFr/92ISGdo76kVj AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=jRyGcljtwYnvDOByaz5PHnEfBRz3xPxgI5/UfIwDpVU=; b=tU 2X2qMSTEbkdB4LOVnodA8Do+CKHe2dvjTGwp1JksV2GPb6m3I+9pS5E6j4OUbTW+tdaH6UewsOo1Z TH9o8IDYInUcJSw5iE77Ani5vyA52fsA/9bDjcBMpXLzMyPJM9GOB8uwBbxXvml+edWFg17tUSahz zkvFBZvgF+Tt1x+OuEHfsVKmvSz92uJzziwH5V6OpvWegEOIj9MjoY7E7rAq3idm0FpfhwRsaHIiB e/9QGNxjPP/EfwMcDgcZtrnUeabPl7wr4fDZiAj5nhllJ8GLl0gigjC7aqdb9zkIWs96vOAW6jFME 1VBoSnTrly5ZDk2ti+oQVkZIeh897ffQ==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Tue, 24 Jun 2025 19:44:19 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <Rtprmh3BXaB.A.Re9G.TAwWoB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5948-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : trafficserver
CVE ID : CVE-2024-53868 CVE-2025-31698 CVE-2025-49763
Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in denial of
service, HTTP request smuggling or incorrect processing of ACLs.
For the stable distribution (bookworm), these problems have been fixed in
version 9.2.5+ds-0+deb12u3.
We recommend that you upgrade your trafficserver packages.
For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmha/ucACgkQEMKTtsN8
TjZgjA//U2U6tgvCsre/jnFIxW7jXFPlCRntukZwysvB5cu4VGd6InHg6hluizmu
1OOy5NTzXtFCHuCBRz91THS+Zl/mvejAVh+P+Iy1MSXCuI3bzr4iDFLv7dzHePJz
uiExjSk0/1nhxkfy8q5blZr+vTF8Pk/e4uSIImvViVajM0c69Bpyg7FvpIWfJYdH
EKlbg//mCBj5t449mn+k4gStbKUDhr/RN5zobiiRFm8haeWDM+cEy7YvjjHee47G
amZmyb24GN+UaW5NFlv4xKCY8HANc8S8pIz1ov2IQ9EExIEP4xWOtnEO9IQrM4o1
0WUR/JO6jn6NKq1DkADvIjMhwceVCkbTYvUdnWOM2wnmkx56fDOl8kyXoBm4jXV6
9npQajgpCk7EwknFiMa36Ruw3qybiRIQWUCU7O7YzZJiy88JIvqPrFge5nj6XTdk
dXgRkJ2KiGWOfd1GOjbZuIocqGzqrewbRMrXuoZJDDE1EulTKW25ClaVrWS9huUK
luPRsmet6/XYLCaJy/U/slbxd26puX4eq24UdoYzAcXAJzpAV8vM3QwsdKVTioj/
paXsEpnztWk8pOmU+A3xtr7WmXW+qzWnIoCDPIMybo4Voh+3A4D6qVxBP3TzTyqx
owJcwbAlOD2mx82QV+SiwU6PmBL9WeZqFEStwiBAReSrourwxyA=
=jMkz
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5948-1] trafficserver security update, Moritz Muehlenhoff, 24.06.2025
Archiv bereitgestellt durch MHonArc 2.6.19+.