Fedora Linux 8492 Published by

A trafficserver security update has been released for Fedora 38.

[SECURITY] Fedora 38 Update: trafficserver-9.2.1-1.fc38

Fedora Update Notification
2023-06-23 01:00:55.101861

Name : trafficserver
Product : Fedora 38
Version : 9.2.1
Release : 1.fc38
URL : https://trafficserver.apache.org/
Summary : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:

Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.

Proxying - Easily add keep-alive, filter or anonymize content
requests, or add load balancing by adding a proxy layer.

Fast - Scales well on modern SMP hardware, handling 10s of thousands
of requests per second.

Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own
cache algorithm.

Proven - Handling over 400TB a day at Yahoo! both as forward and
reverse proxies, Apache Traffic Server is battle hardened.

Update Information:

Update to upstream 9.2.1; resolves CVE-2022-47184, CVE-2023-30631,

* Tue Jun 13 2023 Jered Floyd [jered@redhat.com] 9.2.1-1
- Update to upstream 9.2.1

[ 1 ] Bug #2213425 - trafficserver-9.2.1 is available
[ 2 ] Bug #2214994 - CVE-2022-47184 trafficserver: The TRACE method can be used to disclose network information [fedora-all]
[ 3 ] Bug #2214998 - CVE-2023-30631 trafficserver: Configuration option to block the PUSH method in ATS didn't work [fedora-all]
[ 4 ] Bug #2215002 - CVE-2023-33933 trafficserver: s3_auth plugin problem with hash calculation [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-2e6bead58b' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at