Candidate: CVE-2017-7671
PublicDate: 2018-02-27 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7671
 https://github.com/apache/trafficserver/pull/1941
 https://lists.apache.org/thread.html/203bdcf9bbb718f3dc6f7aaf3e2af632474d51fa9e7bfb7832729905@%3Cdev.trafficserver.apache.org%3E
Description:
 There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to
 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can
 cause the server to coredump.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_trafficserver:
 upstream: https://github.com/apache/trafficserver/commit/15a4345bb017c56b1a35a43353ca4990d60b5c9b
upstream_trafficserver: released (7.1.2+ds-1)
precise/esm_trafficserver: DNE
trusty_trafficserver: ignored (reached end-of-life)
trusty/esm_trafficserver: DNE (trusty was needs-triage)
xenial_trafficserver: ignored (end of standard support, was needed)
artful_trafficserver: ignored (reached end-of-life)
bionic_trafficserver: not-affected (7.1.2+ds-2build1)
cosmic_trafficserver: not-affected (7.1.2+ds-2build1)
disco_trafficserver: not-affected (7.1.2+ds-2build1)
eoan_trafficserver: not-affected (7.1.2+ds-2build1)
focal_trafficserver: not-affected (7.1.2+ds-2build1)
groovy_trafficserver: not-affected (7.1.2+ds-2build1)
hirsute_trafficserver: not-affected (7.1.2+ds-2build1)
impish_trafficserver: not-affected (7.1.2+ds-2build1)
jammy_trafficserver: not-affected (7.1.2+ds-2build1)
devel_trafficserver: not-affected (7.1.2+ds-2build1)