diff options
author | Adrian Bunk <bunk@debian.org> | 2023-11-05 23:50:21 +0200 |
---|---|---|
committer | Adrian Bunk <bunk@debian.org> | 2023-11-05 23:50:12 +0200 |
commit | abf8c721917ac1d0fdfe7349609bc6e7f86e75c5 (patch) | |
tree | 752f3952c35434d8b988252e194ff4557e6a8b76 /english/lts | |
parent | 628f5663d169b035af3c2ec293d46102a9eed1a0 (diff) |
Add DLA-3645-1 for trafficserver
Diffstat (limited to 'english/lts')
-rw-r--r-- | english/lts/security/2023/dla-3645.data | 10 | ||||
-rw-r--r-- | english/lts/security/2023/dla-3645.wml | 34 |
2 files changed, 44 insertions, 0 deletions
diff --git a/english/lts/security/2023/dla-3645.data b/english/lts/security/2023/dla-3645.data new file mode 100644 index 00000000000..4d15f28e1c3 --- /dev/null +++ b/english/lts/security/2023/dla-3645.data @@ -0,0 +1,10 @@ +<define-tag pagetitle>DLA-3645-1 trafficserver</define-tag> +<define-tag report_date>2023-11-05</define-tag> +<define-tag secrefs>CVE-2023-41752 CVE-2023-44487 Bug#1054427</define-tag> +<define-tag packages>trafficserver</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + diff --git a/english/lts/security/2023/dla-3645.wml b/english/lts/security/2023/dla-3645.wml new file mode 100644 index 00000000000..d89b2563948 --- /dev/null +++ b/english/lts/security/2023/dla-3645.wml @@ -0,0 +1,34 @@ +<define-tag description>LTS security update</define-tag> +<define-tag moreinfo> +<p>Two vulnerabilities were fixed in Apache Traffic Server, +a reverse and forward proxy server.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-41752">CVE-2023-41752</a> + + <p>s3_auth plugin exposes AWSAccessKeyId</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-44487">CVE-2023-44487</a> + + <p>HTTP/2 Rapid Reset denial of service</p></li> + +</ul> + +<p>For Debian 10 buster, these problems have been fixed in version +8.1.7-0+deb10u3.</p> + +<p>We recommend that you upgrade your trafficserver packages.</p> + +<p>For the detailed security status of trafficserver please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/trafficserver">https://security-tracker.debian.org/tracker/trafficserver</a></p> + +<p>Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2023/dla-3645.data" +# $Id: $ |