stable

trafficserver-10.1.2-1.fc44

FEDORA-2026-7839a46d9d created by jered a month ago for Fedora 44

Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2026-7839a46d9d

This update has been submitted for testing by jered.

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago

This update has been pushed to testing.

a month ago

jered edited this update.

a month ago

This update has been submitted for stable by bodhi.

There is an ongoing freeze; this will be pushed to stable after the freeze is over.

a month ago

This update has been pushed to stable.

3 weeks ago

Please log in to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a month ago
in testing
a month ago
in stable
3 weeks ago
modified
a month ago
approved
a month ago
Builds
1
trafficserver-10.1.2-1.fc44
BZ#2453244 trafficserver-10.1.2 is available
0
0
BZ#2454965 CVE-2025-58136 trafficserver: Apache Traffic Server: Denial of Service via POST request handling [fedora-all]
0
0
BZ#2454966 CVE-2025-65114 trafficserver: Apache Traffic Server: Request smuggling due to malformed chunked messages [fedora-all]
0
0
trafficserver-10.1.2-1.fc44

Automated Test Results

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 26.4.0 on bodhi-web-6f874fb45-n4jx7.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy