FEDORA-2023-5ff7bf1dd8 — security update for trafficserver

stable

trafficserver-9.2.3-1.fc38

FEDORA-2023-5ff7bf1dd8 created by jered a year ago for Fedora 38

Update to upstream 9.2.3 Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-5ff7bf1dd8

This update has been submitted for testing by jered.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

a year ago

jered edited this update.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

a year ago

in testing

a year ago

in stable

a year ago

modified

a year ago

approved

a year ago

Builds

trafficserver-9.2.3-1.fc38

BZ#2242988 trafficserver-9.2.3-rc0 is available

BZ#2243251 [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [epel-all]

BZ#2243252 [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all]

BZ#2245107 CVE-2023-39456 trafficserver: improper input validation vulnerability [epel-all]

BZ#2245110 CVE-2023-39456 trafficserver: improper input validation vulnerability [fedora-all]

BZ#2245141 CVE-2023-41752 trafficserver: possible exposure of sensitive information [epel-all]

BZ#2245142 CVE-2023-41752 trafficserver: possible exposure of sensitive information [fedora-all]

trafficserver-9.2.3-1.fc38

Automated Test Results

ignored