{"id":"OESA-2026-2384","summary":"trafficserver security update","details":"Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache.\r\n\r\nSecurity Fix(es):\n\nA bug in POST request handling causes a crash under a certain condition.\n\nThis issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12.\n\nUsers are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue.\n\nA workaround for older versions is to set proxy.config.http.request_buffer_enabled to 0 (the default value is 0).(CVE-2025-58136)","modified":"2026-05-22T13:30:17.910139816Z","published":"2026-05-22T13:17:27Z","upstream":["CVE-2025-58136"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2384"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58136"}],"affected":[{"package":{"name":"trafficserver","ecosystem":"openEuler:20.03-LTS-SP4","purl":"pkg:rpm/openEuler/trafficserver&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.1.4-6.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["trafficserver-9.1.4-6.oe2003sp4.aarch64.rpm","trafficserver-debuginfo-9.1.4-6.oe2003sp4.aarch64.rpm","trafficserver-debugsource-9.1.4-6.oe2003sp4.aarch64.rpm","trafficserver-devel-9.1.4-6.oe2003sp4.aarch64.rpm","trafficserver-perl-9.1.4-6.oe2003sp4.aarch64.rpm"],"x86_64":["trafficserver-9.1.4-6.oe2003sp4.x86_64.rpm","trafficserver-debuginfo-9.1.4-6.oe2003sp4.x86_64.rpm","trafficserver-debugsource-9.1.4-6.oe2003sp4.x86_64.rpm","trafficserver-devel-9.1.4-6.oe2003sp4.x86_64.rpm","trafficserver-perl-9.1.4-6.oe2003sp4.x86_64.rpm"],"src":["trafficserver-9.1.4-6.oe2003sp4.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-2384.json"}}],"schema_version":"1.7.5"}