Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, HTTP request smuggling, cache poisoning or incomplete dropping of privileges.
Comment
Harri K. Koskinen discovered a flaw in the multithreaded .xz decoder lzma_stream_decoder_mt in xz-utils, the XZ-format compression utilities, which may lead to denial of service (application crash) or the execution of arbitrary code.
Backport fixes from v1.127.1
Update to 135.0.7049.52 High CVE-2025-3066: Use after free in Navigations Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs Medium CVE-2025-3068: Inappropriate implementation in Intents Medium CVE-2025-3069: Inappropriate implementation in Extensions
A security vulnerability was found in Tomcat 10, a Java based web server and servlet engine. A malicious user was able to view security sensitive files and/or inject content into those files when writes were enabled for the default servlet (disabled by default) and support for partial PUT was enabled