When there are multiple ranges in a range request, Apache Traffic Server
(ATS) will read the entire object from cache. This can cause performance
problems with large objects in cache. This affects versions 6.0.0 to 6.2.2
and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should
upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or
later versions.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | trafficserver | < any | UNKNOWN |
ubuntu | 16.04 | noarch | trafficserver | < any | UNKNOWN |
www.openwall.com/lists/oss-security/2018/08/29/4
github.com/apache/trafficserver/commit/bbcbb7cf7f25ebfe3a97d792e889de618e41a6a4
github.com/apache/trafficserver/pull/3106
github.com/apache/trafficserver/pull/3124
launchpad.net/bugs/cve/CVE-2018-8005
nvd.nist.gov/vuln/detail/CVE-2018-8005
security-tracker.debian.org/tracker/CVE-2018-8005
www.cve.org/CVERecord?id=CVE-2018-8005