Category Archives: Advisories

trafficserver-9.2.9-1.el9

FEDORA-EPEL-2025-7feb10dac5

Packages in this update:

trafficserver-9.2.9-1.el9

Update description:

Changes with Apache Traffic Server 9.2.9
#12071 – Fix chunked pipelined requests
#12075 – Fix send 100 Continue optimization for GET
#12077 – Fix intercept plugin ignoring ACL
#12079 – ACL combination tests for 9.2.x

trafficserver-9.2.9-1.fc41

FEDORA-2025-c634be56bc

Packages in this update:

trafficserver-9.2.9-1.fc41

Update description:

Changes with Apache Traffic Server 9.2.9
#12071 – Fix chunked pipelined requests
#12075 – Fix send 100 Continue optimization for GET
#12077 – Fix intercept plugin ignoring ACL
#12079 – ACL combination tests for 9.2.x

USN-7330-1: Ansible vulnerabilities

It was discovered that Ansible did not properly verify certain fields of
X.509 certificates. An attacker could possibly use this issue to spoof
SSL servers if they were able to intercept network communications. This
issue only affected Ubuntu 14.04 LTS. (CVE-2015-3908)

Martin Carpenter discovered that certain connection plugins for Ansible
did not properly restrict users. An attacker with local access could
possibly use this issue to escape a restricted environment by misusing
symbolic links. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240)

Robin Schneider discovered that Ansible’s apt_key module did not properly
verify key fingerprints. A remote attacker could possibly use this issue
to perform key injection, leading to the access of sensitive information.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-8614)

It was discovered that Ansible would expose passwords in certain
instances. An attacker could possibly use specially crafted input related
to this issue to access sensitive information. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-10206)

It was discovered that Ansible incorrectly logged sensitive information.
An attacker with local access could possibly use this issue to access
sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu
16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2019-14846)

It was discovered that Ansible’s solaris_zone module accepted input without
performing input checking. A remote attacker could possibly use this issue
to enable the execution of arbitrary code. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-14904)

It was discovered that Ansible did not generate sufficiently random values,
which could lead to the exposure of passwords. An attacker could possibly
use this issue to access sensitive information. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10729)

It was discovered that Ansible’s svn module could disclose passwords to
users within the same node. An attacker could possibly use this issue to
access sensitive information. (CVE-2020-1739)

USN-7333-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Media drivers;
– Direct Digital Synthesis drivers;
– TTY drivers;
– 9P distributed file system;
– ALSA framework;
(CVE-2023-52880, CVE-2024-43900, CVE-2024-36964, CVE-2024-50233,
CVE-2022-48994)

USN-7332-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– PowerPC architecture;
– Block layer subsystem;
– GPIO subsystem;
– GPU drivers;
– Media drivers;
– Network drivers;
– SCSI subsystem;
– Direct Digital Synthesis drivers;
– TTY drivers;
– 9P distributed file system;
– JFS file system;
– NILFS2 file system;
– File systems infrastructure;
– BPF subsystem;
– Netfilter;
– Network sockets;
– Memory management;
– Amateur Radio drivers;
– B.A.T.M.A.N. meshing protocol;
– Bluetooth subsystem;
– Ethernet bridge;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Netlink;
– TIPC protocol;
– Wireless networking;
– ALSA framework;
(CVE-2022-48994, CVE-2024-43900, CVE-2024-40943, CVE-2024-41063,
CVE-2024-42070, CVE-2024-38567, CVE-2024-36964, CVE-2023-52522,
CVE-2024-53156, CVE-2024-53104, CVE-2024-43854, CVE-2024-42068,
CVE-2023-52818, CVE-2024-44931, CVE-2021-47103, CVE-2023-52799,
CVE-2024-43893, CVE-2024-36886, CVE-2024-49902, CVE-2024-36952,
CVE-2024-40911, CVE-2023-52488, CVE-2024-35896, CVE-2024-50117,
CVE-2024-50171, CVE-2021-47606, CVE-2024-40910, CVE-2024-43892,
CVE-2024-50148, CVE-2024-41064, CVE-2024-44938, CVE-2024-50233,
CVE-2023-52880, CVE-2024-43863, CVE-2024-26685, CVE-2024-40981)

USN-7321-1: Redis vulnerabilities

It was discovered that Redis incorrectly handled certain memory operations
during pattern matching. An attacker could possibly use this issue to cause
a denial of service. (CVE-2024-31228)

It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. (CVE-2024-46981)

It was discovered that Redis incorrectly handled some malformed ACL
selectors. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 24.10 and Ubuntu 24.04 LTS.
(CVE-2024-51741)

USN-7331-1: Linux kernel vulnerabilities

Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– x86 architecture;
– Block layer subsystem;
– ACPI drivers;
– GPU drivers;
– HID subsystem;
– I2C subsystem;
– IIO ADC drivers;
– IIO subsystem;
– InfiniBand drivers;
– IOMMU subsystem;
– IRQ chip drivers;
– Multiple devices driver;
– Media drivers;
– Network drivers;
– STMicroelectronics network drivers;
– Parport drivers;
– Pin controllers subsystem;
– Direct Digital Synthesis drivers;
– TCM subsystem;
– TTY drivers;
– USB Dual Role (OTG-ready) Controller drivers;
– USB Serial drivers;
– USB Type-C support driver;
– USB Type-C Connector System Software Interface driver;
– BTRFS file system;
– File systems infrastructure;
– Network file system (NFS) client;
– NILFS2 file system;
– NTFS3 file system;
– SMB network file system;
– User-space API (UAPI);
– io_uring subsystem;
– BPF subsystem;
– Timer subsystem drivers;
– Tracing infrastructure;
– Closures library;
– Memory management;
– Amateur Radio drivers;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– MAC80211 subsystem;
– Multipath TCP;
– Netfilter;
– Network traffic control;
– SCTP protocol;
– XFRM subsystem;
– Key management;
– FireWire sound drivers;
– HD-audio driver;
– QCOM ASoC drivers;
– STMicroelectronics SoC drivers;
– KVM core;
(CVE-2024-50163, CVE-2024-53104, CVE-2024-50287, CVE-2024-41066,
CVE-2024-53066, CVE-2024-53097, CVE-2024-50229, CVE-2024-50142,
CVE-2024-50182, CVE-2024-50156, CVE-2024-50195, CVE-2024-50232,
CVE-2024-53063, CVE-2024-50134, CVE-2024-50103, CVE-2024-50110,
CVE-2024-50115, CVE-2024-50233, CVE-2024-50202, CVE-2024-50268,
CVE-2024-50171, CVE-2024-50234, CVE-2024-50083, CVE-2024-53061,
CVE-2024-50194, CVE-2024-40953, CVE-2024-50143, CVE-2024-50278,
CVE-2024-50257, CVE-2024-56672, CVE-2024-50141, CVE-2024-50128,
CVE-2024-50117, CVE-2024-50292, CVE-2024-50148, CVE-2024-53055,
CVE-2024-35887, CVE-2024-50236, CVE-2024-50249, CVE-2024-50282,
CVE-2024-50218, CVE-2023-52913, CVE-2024-50262, CVE-2024-50269,
CVE-2024-50010, CVE-2024-50299, CVE-2024-39497, CVE-2024-50296,
CVE-2024-53052, CVE-2024-53058, CVE-2024-50201, CVE-2024-42291,
CVE-2024-50036, CVE-2024-50154, CVE-2024-50196, CVE-2024-50251,
CVE-2024-41080, CVE-2024-50074, CVE-2024-50205, CVE-2024-50131,
CVE-2024-42252, CVE-2024-50082, CVE-2024-50273, CVE-2024-50072,
CVE-2024-50301, CVE-2024-53088, CVE-2024-50058, CVE-2024-50085,
CVE-2024-50167, CVE-2024-50150, CVE-2024-50185, CVE-2024-50208,
CVE-2024-50151, CVE-2024-50086, CVE-2024-50127, CVE-2024-50153,
CVE-2024-53042, CVE-2024-50162, CVE-2024-50237, CVE-2024-50290,
CVE-2024-40965, CVE-2024-50193, CVE-2024-50245, CVE-2024-53059,
CVE-2024-53101, CVE-2024-50295, CVE-2024-50259, CVE-2024-50192,
CVE-2024-50265, CVE-2024-50279, CVE-2024-50116, CVE-2024-26718,
CVE-2024-50101, CVE-2024-50168, CVE-2024-50267, CVE-2024-50198,
CVE-2024-50230, CVE-2024-50199, CVE-2024-50099, CVE-2024-50247,
CVE-2024-50302, CVE-2024-50160, CVE-2024-50209, CVE-2024-50244)

USN-7329-1: Linux kernel vulnerabilities

Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Block layer subsystem;
– Network drivers;
(CVE-2024-50274, CVE-2024-53064, CVE-2024-56672)

USN-7328-1: Linux kernel vulnerabilities

Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Block layer subsystem;
(CVE-2024-56672)
