An update for trafficserver is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1692
Final
1.0
1.0
2022-06-02
Initial
2022-06-02
2022-06-02
openEuler SA Tool V1.0
2022-06-02
trafficserver security update
An update for trafficserver is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3.
Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache.
Security Fix(es):
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.(CVE-2021-44040)
An update for trafficserver is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
trafficserver
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1692
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-44040
https://nvd.nist.gov/vuln/detail/CVE-2021-44040
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
trafficserver-debuginfo-9.1.2-1.oe1.aarch64.rpm
trafficserver-debugsource-9.1.2-1.oe1.aarch64.rpm
trafficserver-perl-9.1.2-1.oe1.aarch64.rpm
trafficserver-9.1.2-1.oe1.aarch64.rpm
trafficserver-devel-9.1.2-1.oe1.aarch64.rpm
trafficserver-debugsource-9.1.2-1.oe1.aarch64.rpm
trafficserver-devel-9.1.2-1.oe1.aarch64.rpm
trafficserver-9.1.2-1.oe1.aarch64.rpm
trafficserver-perl-9.1.2-1.oe1.aarch64.rpm
trafficserver-debuginfo-9.1.2-1.oe1.aarch64.rpm
trafficserver-9.1.2-1.oe1.src.rpm
trafficserver-9.1.2-1.oe1.src.rpm
trafficserver-debugsource-9.1.2-1.oe1.x86_64.rpm
trafficserver-devel-9.1.2-1.oe1.x86_64.rpm
trafficserver-perl-9.1.2-1.oe1.x86_64.rpm
trafficserver-9.1.2-1.oe1.x86_64.rpm
trafficserver-debuginfo-9.1.2-1.oe1.x86_64.rpm
trafficserver-devel-9.1.2-1.oe1.x86_64.rpm
trafficserver-debuginfo-9.1.2-1.oe1.x86_64.rpm
trafficserver-debugsource-9.1.2-1.oe1.x86_64.rpm
trafficserver-9.1.2-1.oe1.x86_64.rpm
trafficserver-perl-9.1.2-1.oe1.x86_64.rpm
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.
2022-06-02
CVE-2021-44040
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
trafficserver security update
2022-06-02
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1692