An update for trafficserver is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1692 Final 1.0 1.0 2022-06-02 Initial 2022-06-02 2022-06-02 openEuler SA Tool V1.0 2022-06-02 trafficserver security update An update for trafficserver is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3. Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fix(es): Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.(CVE-2021-44040) An update for trafficserver is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High trafficserver https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1692 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-44040 https://nvd.nist.gov/vuln/detail/CVE-2021-44040 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 trafficserver-debuginfo-9.1.2-1.oe1.aarch64.rpm trafficserver-debugsource-9.1.2-1.oe1.aarch64.rpm trafficserver-perl-9.1.2-1.oe1.aarch64.rpm trafficserver-9.1.2-1.oe1.aarch64.rpm trafficserver-devel-9.1.2-1.oe1.aarch64.rpm trafficserver-debugsource-9.1.2-1.oe1.aarch64.rpm trafficserver-devel-9.1.2-1.oe1.aarch64.rpm trafficserver-9.1.2-1.oe1.aarch64.rpm trafficserver-perl-9.1.2-1.oe1.aarch64.rpm trafficserver-debuginfo-9.1.2-1.oe1.aarch64.rpm trafficserver-9.1.2-1.oe1.src.rpm trafficserver-9.1.2-1.oe1.src.rpm trafficserver-debugsource-9.1.2-1.oe1.x86_64.rpm trafficserver-devel-9.1.2-1.oe1.x86_64.rpm trafficserver-perl-9.1.2-1.oe1.x86_64.rpm trafficserver-9.1.2-1.oe1.x86_64.rpm trafficserver-debuginfo-9.1.2-1.oe1.x86_64.rpm trafficserver-devel-9.1.2-1.oe1.x86_64.rpm trafficserver-debuginfo-9.1.2-1.oe1.x86_64.rpm trafficserver-debugsource-9.1.2-1.oe1.x86_64.rpm trafficserver-9.1.2-1.oe1.x86_64.rpm trafficserver-perl-9.1.2-1.oe1.x86_64.rpm Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1. 2022-06-02 CVE-2021-44040 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N trafficserver security update 2022-06-02 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1692