Fedora 38 : trafficserver (2023-dcbfbf1396)

critical Nessus Plugin ID 179959

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-dcbfbf1396 advisory.

Update to upstream 9.2.2.

Changes with Apache Traffic Server 9.2.2
#9544 - Docs: format typos in header_rewrite doc
#9754 - Fix OCSP detection during build (9.2.x)
#9829 - Add TSHttpTxnNextHopPortGet, add NEXT-HOP to header rewrite
#9831 - Allow slice plugin to purge requests
#9840 - Fix crash on config reload with BoringSSL
#9877 - Do not add content-length for status 204 cache
#9879 - doc: fix the internal libraries section formatting
#9886 - Fix deprecated set_class for documentation build
#9943 - Add yaml libs reference to HTTP proxy test suite.
#9944 - Fix clang-format for 9.2.x branch
#9952 - 92x autest updates
#9959 - 9.2.x: OpenSSL 3.0 tls autest updates (#9947)
#9971 - Update to autest version 1.10.3
#9976 - fix: require RSRC_CLIENT_REQUEST_HEADERS in ConditionMethod
#9989 - Do not set @SECLEVEL with boringssl
#10038 - LSan: Fix leaks of Cache Unit Test
#10054 - Demote SSL log line to debug and remove key printing
#10093 - tools/check-unused-dependencies: make exceptions for tools under clang+asan
#10103 - autest get_port: update to use psutil
#10105 - Update autest to the latest 1.10.4
#10107 - Fix ports.py type hint for sets on older Python
#10124 - Fix DbgCtl reference that got cherry-picked into 9.2.x
#10125 - Remove duplicate slashes at the beginning of the incoming URL
#10127 - 9.2.x: Correctly handle encoding for cache hash generation
#10131 - 9.2.x: Fix a crash triggered by invalid range header

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected trafficserver package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2023-dcbfbf1396

Plugin Details

Severity: Critical

ID: 179959

File Name: fedora_2023-dcbfbf1396.nasl

Version: 1.1

Type: local

Agent: unix

Published: 8/18/2023

Updated: 11/14/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, continuous_assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2023-33934

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:trafficserver, cpe:/o:fedoraproject:fedora:38

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/9/2023

Vulnerability Publication Date: 8/9/2023

Reference Information

CVE: CVE-2022-47185, CVE-2023-33934