Candidate: CVE-2018-1318
PublicDate: 2018-08-29 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1318
 http://www.openwall.com/lists/oss-security/2018/08/29/3
 https://github.com/apache/trafficserver/pull/3195
Description:
 Adding method ACLs in remap.config can cause a segfault when the user makes
 a carefully crafted request. This affects versions Apache Traffic Server
 (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users
 running 6.x should upgrade to 6.2.3 or later versions and 7.x users should
 upgrade to 7.1.4 or later versions.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_trafficserver:
 other: https://github.com/apache/trafficserver/commit/e6dfda305acf85250861ecfa14a7bd6bb2fad5c3
upstream_trafficserver: released (7.1.4+ds-1)
precise/esm_trafficserver: DNE
trusty_trafficserver: ignored (reached end-of-life)
trusty/esm_trafficserver: DNE (trusty was needs-triage)
xenial_trafficserver: ignored (end of standard support, was needed)
bionic_trafficserver: needed
cosmic_trafficserver: not-affected (7.1.4+ds-1)
disco_trafficserver: not-affected (7.1.4+ds-1)
eoan_trafficserver: not-affected (7.1.4+ds-1)
focal_trafficserver: not-affected (7.1.4+ds-1)
groovy_trafficserver: not-affected (7.1.4+ds-1)
hirsute_trafficserver: not-affected (7.1.4+ds-1)
impish_trafficserver: not-affected (7.1.4+ds-1)
jammy_trafficserver: not-affected (7.1.4+ds-1)
devel_trafficserver: not-affected (7.1.4+ds-1)