Candidate: CVE-2018-8005
PublicDate: 2018-08-29 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8005
 http://www.openwall.com/lists/oss-security/2018/08/29/4
 https://github.com/apache/trafficserver/pull/3106
 https://github.com/apache/trafficserver/pull/3124
 https://github.com/apache/trafficserver/commit/bbcbb7cf7f25ebfe3a97d792e889de618e41a6a4
Description:
 When there are multiple ranges in a range request, Apache Traffic Server
 (ATS) will read the entire object from cache. This can cause performance
 problems with large objects in cache. This affects versions 6.0.0 to 6.2.2
 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should
 upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or
 later versions.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L [5.3 MEDIUM]


Patches_trafficserver:
upstream_trafficserver: released (7.1.4+ds-1)
precise/esm_trafficserver: DNE
trusty_trafficserver: ignored (reached end-of-life)
trusty/esm_trafficserver: DNE (trusty was needs-triage)
xenial_trafficserver: ignored (end of standard support, was needed)
bionic_trafficserver: needed
cosmic_trafficserver: not-affected (7.1.4+ds-1)
disco_trafficserver: not-affected (7.1.4+ds-1)
eoan_trafficserver: not-affected (7.1.4+ds-1)
focal_trafficserver: not-affected (7.1.4+ds-1)
groovy_trafficserver: not-affected (7.1.4+ds-1)
hirsute_trafficserver: not-affected (7.1.4+ds-1)
impish_trafficserver: not-affected (7.1.4+ds-1)
jammy_trafficserver: not-affected (7.1.4+ds-1)
devel_trafficserver: not-affected (7.1.4+ds-1)