OESA-2024-2470

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.(CVE-2024-38479)

Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.(CVE-2024-50305)

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.(CVE-2024-50306)

Database specific

{
    "severity": "Critical"
}

References

Affected packages

openEuler:24.03-LTS / trafficserver

Package

Name: trafficserver
Purl: pkg:rpm/openEuler/trafficserver&distro=openEuler-24.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.2.5-2.oe2403

Ecosystem specific

{
    "src": [
        "trafficserver-9.2.5-2.oe2403.src.rpm"
    ],
    "aarch64": [
        "trafficserver-9.2.5-2.oe2403.aarch64.rpm",
        "trafficserver-debuginfo-9.2.5-2.oe2403.aarch64.rpm",
        "trafficserver-debugsource-9.2.5-2.oe2403.aarch64.rpm",
        "trafficserver-devel-9.2.5-2.oe2403.aarch64.rpm",
        "trafficserver-perl-9.2.5-2.oe2403.aarch64.rpm"
    ],
    "x86_64": [
        "trafficserver-9.2.5-2.oe2403.x86_64.rpm",
        "trafficserver-debuginfo-9.2.5-2.oe2403.x86_64.rpm",
        "trafficserver-debugsource-9.2.5-2.oe2403.x86_64.rpm",
        "trafficserver-devel-9.2.5-2.oe2403.x86_64.rpm",
        "trafficserver-perl-9.2.5-2.oe2403.x86_64.rpm"
    ]
}