CVE-2018-1318

NameCVE-2018-1318
DescriptionAdding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-4282-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
trafficserver (PTS)stretch (security), stretch7.0.0-6+deb9u2fixed
buster8.0.0-4fixed
sid8.0.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
trafficserversource(unstable)7.1.4+ds-1medium
trafficserversourcestretch7.0.0-6+deb9u2mediumDSA-4282-1

Notes

http://www.openwall.com/lists/oss-security/2018/08/29/3
https://github.com/apache/trafficserver/pull/3195
https://github.com/apache/trafficserver/commit/e6dfda305acf85250861ecfa14a7bd6bb2fad5c3

Search for package or bug name: Reporting problems