[SECURITY] [DLA 3595-1] trafficserver security update

2023-09-3018:25:26

lists.debian.org

input validation

trafficserver

debian 10 buster

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

Debian LTS Advisory DLA-3595-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
September 30, 2023 https://wiki.debian.org/LTS

Package : trafficserver
Version : 8.1.7-0+deb10u2
CVE ID : CVE-2022-47185 CVE-2023-33934
Debian Bug : 1043430

Several cases of improper input validation were fixed in Apache Traffic Server,
a reverse and forward proxy server.

For Debian 10 buster, these problems have been fixed in version
8.1.7-0+deb10u2.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11mipseltrafficserver-experimental-plugins-dbgsym< 8.1.9+ds-1~deb11u1trafficserver-experimental-plugins-dbgsym_8.1.9+ds-1~deb11u1_mipsel.deb
Debian11arm64trafficserver-experimental-plugins-dbgsym< 8.1.9+ds-1~deb11u1trafficserver-experimental-plugins-dbgsym_8.1.9+ds-1~deb11u1_arm64.deb
Debian10arm64trafficserver< 8.1.7-0+deb10u2trafficserver_8.1.7-0+deb10u2_arm64.deb
Debian11amd64trafficserver-dbgsym< 8.1.9+ds-1~deb11u1trafficserver-dbgsym_8.1.9+ds-1~deb11u1_amd64.deb
Debian11armhftrafficserver-experimental-plugins-dbgsym< 8.1.9+ds-1~deb11u1trafficserver-experimental-plugins-dbgsym_8.1.9+ds-1~deb11u1_armhf.deb
Debian11arm64trafficserver-dev< 8.1.9+ds-1~deb11u1trafficserver-dev_8.1.9+ds-1~deb11u1_arm64.deb
Debian10armhftrafficserver-experimental-plugins< 8.1.7-0+deb10u2trafficserver-experimental-plugins_8.1.7-0+deb10u2_armhf.deb
Debian10alltrafficserver< 8.1.7-0+deb10u2trafficserver_8.1.7-0+deb10u2_all.deb
Debian10amd64trafficserver-dev< 8.1.7-0+deb10u2trafficserver-dev_8.1.7-0+deb10u2_amd64.deb
Debian11armhftrafficserver-dbgsym< 8.1.9+ds-1~deb11u1trafficserver-dbgsym_8.1.9+ds-1~deb11u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	mipsel	trafficserver-experimental-plugins-dbgsym	< 8.1.9+ds-1~deb11u1	trafficserver-experimental-plugins-dbgsym_8.1.9+ds-1~deb11u1_mipsel.deb
Debian	11	arm64	trafficserver-experimental-plugins-dbgsym	< 8.1.9+ds-1~deb11u1	trafficserver-experimental-plugins-dbgsym_8.1.9+ds-1~deb11u1_arm64.deb
Debian	10	arm64	trafficserver	< 8.1.7-0+deb10u2	trafficserver_8.1.7-0+deb10u2_arm64.deb
Debian	11	amd64	trafficserver-dbgsym	< 8.1.9+ds-1~deb11u1	trafficserver-dbgsym_8.1.9+ds-1~deb11u1_amd64.deb
Debian	11	armhf	trafficserver-experimental-plugins-dbgsym	< 8.1.9+ds-1~deb11u1	trafficserver-experimental-plugins-dbgsym_8.1.9+ds-1~deb11u1_armhf.deb
Debian	11	arm64	trafficserver-dev	< 8.1.9+ds-1~deb11u1	trafficserver-dev_8.1.9+ds-1~deb11u1_arm64.deb
Debian	10	armhf	trafficserver-experimental-plugins	< 8.1.7-0+deb10u2	trafficserver-experimental-plugins_8.1.7-0+deb10u2_armhf.deb
Debian	10	all	trafficserver	< 8.1.7-0+deb10u2	trafficserver_8.1.7-0+deb10u2_all.deb
Debian	10	amd64	trafficserver-dev	< 8.1.7-0+deb10u2	trafficserver-dev_8.1.7-0+deb10u2_amd64.deb
Debian	11	armhf	trafficserver-dbgsym	< 8.1.9+ds-1~deb11u1	trafficserver-dbgsym_8.1.9+ds-1~deb11u1_armhf.deb