Am 24.07.2014 11:10, schrieb Jan-Frode Myklebust: > On Wed, Jul 23, 2014 at 08:26:39AM -0700, Bryan Call wrote: >> >> Below is our announcement for the security issue reported to us from >> Yahoo! Japan. All versions of Apache Traffic Server are vulnerable. > > Is there any information available about this problem, so that we can make > a judgement on criticality of the upgrade?
in case of such security anncouncements there is not much to judge it is a bugfix-only release and should already be deployed Jul 23 18:20:16 Updated: trafficserver-4.2.1.1-2.fc19.20140723.rh.x86_64 > Any reason to believe a properly firewalled trafficserver (only incoming > 80/tcp and 443/tcp allowed) should be remotely exploitable? surely because that is a expected setup and the nature of a vulerability is to gain more rights as should be possible
signature.asc
Description: OpenPGP digital signature
