ELBA-2025-30234
- ULN >
- Oracle Linux Errata repository >
- ELBA-2025-30234
ELBA-2025-30234 - trafficserver Bug Fix update
| Type: | BUG |
| Severity: | NA |
| Release Date: | 2025-01-08 |
Description
[9.2.7-1]
- Update to upstream 9.2.7
[9.2.6-2]
- Backport fix for broken oubound TLS with OpenSSL 3.2+
[9.2.6-1]
- Update to upstream 9.2.6
[9.2.5-1]
- Update to upstream 9.2.5
- Resolves CVE-2023-38522, CVE-2024-35161, CVE-2024-35296
[9.2.4-4]
- convert license to SPDX
[9.2.4-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
[9.2.4-2]
- Enable build with deprecated OpenSSL Engine
https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine
[9.2.4-1]
- Update to upstream 9.2.4
- Resolves CVE-2024-31309
[9.2.3-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
[9.2.3-1]
- Update to upstream 9.2.3
- Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
[9.2.2-2]
- Use OpenSSL 1.1.x from EPEL on RHEL 7 to fix Chrome 117+ bugs
[9.2.2-1]
- Update to upstream 9.2.2
[9.2.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
[9.2.1-1]
- Update to upstream 9.2.1
[9.2.0-1]
- Update to upstream 9.2.0
[9.1.4-1]
- Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743
[9.1.3-2]
- FTI on EL8 due to lack of libbrotli pkg; use RPM autodeps instead
[9.1.3-2]
- Update dependencies to enable brotli compression (RHBZ#2125520)
[9.1.3-1]
- Update to 9.1.3, resolves CVE-2022-25763, CVE-2022-31779, CVE-2021-37150,
CVE-2022-28129, CVE-2022-31780
- Resolve glibc 2.36 (f37) header incompatibility that caused FTBFS RHBZ#2112282
[9.1.2-9]
- Don't try to use Crypto Policies on RHEL 7
[9.1.2-8]
- Cherry-pick OpenSSL 3 compatibility required for RHEL 9
- Switch to OpenSSL 3 on f36+
- Include automake in BuildRequires
[9.1.2-7]
- Exclude s390x architecture -- not supported upstream
[9.1.2-6]
- Further changes based on package review; perl dependencies, paths
[9.1.2-5]
- Changes based on spec review; change 'RedHat' capitalization,
and add link to upstream file layout discussion
[9.1.2-4]
- Changes based on spec review
[9.1.2-3]
- Allow self:process setsched, requested on EL8
[9.1.2-2]
- Set SELinux policy to be more restrictive on privileged UDP ports
[9.1.2-1]
- Initial revision
- Adapt to modern rpm conventions
- Add draft SELinux policy
- Don't run as root, just claim CAP_NET_BIND_SERVICE for
privileged ports
- Merge and cleanup of upstream .spec file along with Copr version
maintained by Hiroaki Nakamura
long-ophaned package. ChangeLog included below for reference.
[9.1.1-1]
- Update to 9.1.1
[9.1.0-1]
- Update to 9.1.0
- Disable mime-sanity-check which is usable only in debug build
[9.0.2-1]
- Update to 9.0.2
- Use yaml-cpp vendored in lib/yamlcpp
[8.1.2-1]
- Update to 8.1.2
[8.0.5-1]
- Update to 8.0.5 LTS release
[7.1.8-1]
- Update to 7.1.8 LTS release
[7.1.6-1]
- Update to 7.1.6 LTS release
- Return stale cache with s-maxage only if
cache_required_headers is 99
[7.1.3-1]
- Update to 7.1.3 LTS release
[7.1.2-1]
- Update to 7.1.2 LTS release
[7.1.1-1]
- Update to 7.1.1 LTS release
[7.1.0-1]
- Update to 7.1.0 LTS release
[7.0.0-2]
- Remove expat-devel from build dependencies
[7.0.0-1]
- Update to 7.0.0 LTS release
[6.2.0-2]
- Return stale cache even if the origin server response has
'Cache-Control: s-maxage' header.
[6.2.0-1]
- Update to 6.2.0 LTS release
[6.1.1-10]
- Add patch to add new value to proxy.config.http.cache.required_headers
to require s-maxage for contents to be cached.
- Remove patch to concatenate multiple header values of
the same name in TSLua.
[6.1.1-9]
- Fix bug in patch to concatenate multiple header values of
the same name in TSLua.
[6.1.1-8]
- Concatenate multiple header values of the same name in TSLua.
[6.1.1-7]
- Remove patch to add proxy.config.http.cache.ignore_expires and
proxy.config.http.cache.ignore_server_cc_max_age.
[6.1.1-6]
- Apply patch to add proxy.config.http.cache.ignore_expires and
proxy.config.http.cache.ignore_server_cc_max_age.
[6.1.1-5]
- Disable patch to enable unix domain socket.
[6.1.1-4]
- Apply patch to enable unix domain socket.
[6.1.1-3]
- Enable luajit
[6.1.1-2]
- Set prefix to /opt/trafficserver and use relative directories
[6.1.1-1]
- Update to 6.1.1 LTS release
[6.1.0-1]
- Update to 6.1.0 LTS release
[6.0.0-3]
- Build experimental plugins
[6.0.0-2]
- Just use configure --disable-luajit without a patch or deleting files
[6.0.0-1]
- Update to 6.0.0 LTS release
[5.3.0-2]
- Add patch to cache_insepector to split multiline URLs correctly
[5.3.0-1]
- Update to 5.3.0 LTS release
- Build on aarch64 and power64
- Split perl bindings to sub package
- Cleanup and modernise spec
[5.0.1-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
[5.0.1-3]
- Rebuilt for GCC 5 C++11 ABI change
[5.0.1-2]
- Rebuild for boost 1.57.0
[5.0.1-1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
[5.0.1-0]
- Fix CVE-2014-3525
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (x86_64) | trafficserver-9.2.7-1.el8.src.rpm | 641f80f7b23043d36f47d61058e71881 | - | ol8_x86_64_developer_EPEL |
| trafficserver-9.2.7-1.el8.x86_64.rpm | 4da06ea6798c7fd7ea93d964bb5bc7cd | - | ol8_x86_64_developer_EPEL | |
| trafficserver-devel-9.2.7-1.el8.noarch.rpm | c92a5893416c993ab8b1ef58fc91e65a | - | ol8_x86_64_developer_EPEL | |
| trafficserver-perl-9.2.7-1.el8.noarch.rpm | 66a383f31b8108ee8cee712b3aa03417 | - | ol8_x86_64_developer_EPEL | |
| trafficserver-selinux-9.2.7-1.el8.noarch.rpm | adf348a6300c18c9437bad9604dd63cd | - | ol8_x86_64_developer_EPEL | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
