[SECURITY] [DSA 4128-1] trafficserver security update

ID DEBIAN:DSA-4128-1:02B38
Type debian
Reporter Debian
Modified 2018-03-02T16:24:13


Debian Security Advisory DSA-4128-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond March 02, 2018 https://www.debian.org/security/faq

Package : trafficserver CVE ID : CVE-2017-5660 CVE-2017-7671

Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash.

For the stable distribution (stretch), these problems have been fixed in version 7.0.0-6+deb9u1.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org