-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3279-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Abhijith PA January 23, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : trafficserver Version : 8.0.2+ds-1+deb10u7 CVE ID : CVE-2021-37150 CVE-2022-25763 CVE-2022-28129 CVE-2022-31780 Multiple vulnerabilities were found in trafficserver, a caching proxy server. CVE-2021-37150 Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources CVE-2022-25763 Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. CVE-2022-28129 Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers CVE-2022-31780 Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. For Debian 10 buster, these problems have been fixed in version 8.0.2+ds-1+deb10u7. We recommend that you upgrade your trafficserver packages. For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmPOawQACgkQhj1N8u2c KO+HfA/7BqH/Q9mQcq3WLzf2qEmxaRrwoN/t/TwmUJRdUrSIBVdCbf7VTtygVyIp eqnfdnWRp/4ZH1Sdg95vB6l0Wu8txVt0KjYltLWrWnjfdMqDBHFk1M45BkXmSHrv QKC8h68J1Y9inpZjGJ680PW0W0XkaSB75khUC58plctUbXeTV9Gchhr29+q96/3R acBBrfBicvebYeaMIE+tzbRIHva5S9R5byczITXCYaz+2+U8BUWDA+QQseO0Yeme STk3X+bNoexBY3BleNULqrcyWopMs3Hb1XcQsAUvJFP/0JqCj+87Ef++9y17efoM PYzPQlIM5uBJlslxH7/iqyC6sWJiK2qUTBhL7dcdKULsHX81szMek0VtOvj6MhsT w4PYGxAKiEk5P6e4NNAj6DngmnFJBZWC/qc3axtkVxH3Lkv/nqxhklowMsgxTkCb LPHOrIefj2Ae6xbCPNs3xcE2fYDmjK1ISqPEoGfX2DB6tItg/EKMbiJ752h0Hf93 4UtIDztOEiybvC8MfpA2xi9jTwWGvTTY1ThTMBB5y4dyb6SqcR5EbLPB6vV4kkoK mxYB4ABCYXv+Nb1c76yDd0qVrWl6Vs1uokdLHsLlzwfSf7us9dJbcRo1Uu3Rn7r4 PmOIPHNACTlY7/9iqcu9QYxqNasNKfGJaDUX+dN4tcJr9ZOyiDw= =ambk -----END PGP SIGNATURE-----