FEDORA-2024-b3c4e8da81 — security update for trafficserver

stable

trafficserver-9.2.6-2.fc40

FEDORA-2024-b3c4e8da81 created by jered a year ago for Fedora 40

Update to upstream 9.2.6
Backport fix for broken oubound TLS with OpenSSL 3.2+
Resolves CVE-2024-38479, CVE-2024-50305, CVE-2024-50306

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-b3c4e8da81

This update has been submitted for testing by jered.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

mschwarz provided feedback a year ago

karma

BZ#2326136 trafficserver stopped working after upgrade from F39 to F40 - connection to backendserver is finished before data flows

This update has been pushed to testing.

a year ago

jered edited this update.

a year ago

This update has been submitted for stable by bodhi.

12 months ago

This update has been pushed to stable.

12 months ago

Please log in to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

a year ago

in testing

a year ago

in stable

12 months ago

modified

a year ago

approved

12 months ago

Builds

trafficserver-9.2.6-2.fc40

BZ#2326136 trafficserver stopped working after upgrade from F39 to F40 - connection to backendserver is finished before data flows

BZ#2326235 CVE-2024-50306 trafficserver: Apache Traffic Server: Server process can fail to drop privilege [fedora-40]

BZ#2326240 CVE-2024-50305 trafficserver: Apache Traffic Server: Valid Host field value can cause crashes [fedora-40]

BZ#2326245 CVE-2024-38479 trafficserver: Apache Traffic Server: Cache key plugin is vulnerable to cache poisoning attack [fedora-40]

trafficserver-9.2.6-2.fc40

Automated Test Results

ignored