Fedora 40: trafficserver 2024-111a8a624b Security Advisory Updates
Summary
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:
Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.
Proxying - Easily add keep-alive, filter or anonymize content
requests, or add load balancing by adding a proxy layer.
Fast - Scales well on modern SMP hardware, handling 10s of thousands
of requests per second.
Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own
cache algorithm.
Proven - Handling over 400TB a day at Yahoo! both as forward and
reverse proxies, Apache Traffic Server is battle hardened.
Update Information:
Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS)
Change Log
* Wed Apr 3 2024 Jered Floyd
References
[ 1 ] Bug #2269627 - CVE-2024-31309 trafficserver: CONTINUATION frames DoS https://bugzilla.redhat.com/show_bug.cgi?id=2269627
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-111a8a624b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label