FEDORA-EPEL-2024-d40458db4b — security update for trafficserver

stable

trafficserver-9.2.5-1.el8

FEDORA-EPEL-2024-d40458db4b created by jered 12 months ago for Fedora EPEL 8

Update to upstream 9.2.5 Resolves CVE-2023-38522, CVE-2024-35161, CVE-2024-35296

This update has been submitted for testing by jered.

12 months ago

This update's test gating status has been changed to 'ignored'.

12 months ago

This update has been pushed to testing.

12 months ago

jered edited this update.

12 months ago

This update has been submitted for stable by bodhi.

11 months ago

This update has been pushed to stable.

11 months ago

Please log in to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

12 months ago

in testing

12 months ago

in stable

11 months ago

modified

12 months ago

approved

11 months ago

Builds

trafficserver-9.2.5-1.el8

BZ#2300343 CVE-2023-38522 trafficserver: Incomplete field name check allows request smuggling [fedora-39]

BZ#2300344 CVE-2023-38522 trafficserver: Incomplete field name check allows request smuggling [fedora-40]

BZ#2300345 CVE-2023-38522 trafficserver: Incomplete field name check allows request smuggling [epel-8]

BZ#2300346 CVE-2024-35161 trafficserver: Incomplete check for chunked trailer section allows [fedora-40]

BZ#2300347 CVE-2024-35161 trafficserver: Incomplete check for chunked trailer section allows [epel-8]

BZ#2300348 CVE-2024-35161 trafficserver: Incomplete check for chunked trailer section allows [fedora-39]

BZ#2300349 CVE-2024-35296 trafficserver: Invalid Accept-Encoding can force forwarding requests [fedora-40]

BZ#2300350 CVE-2024-35296 trafficserver: Invalid Accept-Encoding can force forwarding requests [epel-8]

BZ#2300351 CVE-2024-35296 trafficserver: Invalid Accept-Encoding can force forwarding requests [fedora-39]

trafficserver-9.2.5-1.el8

Automated Test Results

ignored