Debian alert DSA-4128-1 (trafficserver)
| From: | Sebastien Delafond <seb@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 4128-1] trafficserver security update | |
| Date: | Fri, 02 Mar 2018 16:23:54 +0000 | |
| Message-ID: | <E1ernTO-0000w5-2Z@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4128-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond March 02, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : trafficserver CVE ID : CVE-2017-5660 CVE-2017-7671 Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash. For the stable distribution (stretch), these problems have been fixed in version 7.0.0-6+deb9u1. We recommend that you upgrade your trafficserver packages. For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlqZem4ACgkQEL6Jg/PV nWRrngf+N5S4zOMBaPdHfJN27x0ZTcEiNxvCh1yc2xQyu3suc+dSsFQ2adeEUIlC Jbd6zi11P9MoVDSrk4ywLX9AQz+E60UKMhnarUYWzhPvC76aFbXV2x3968TPXNoD wA5gXvE0w29OyNnSEAN8haEwMNv6BQcrSLE9SO4GI9cdfwM06rpYhVTKi78t+CZH wYiOuYgBNChNE5WoyJ4fypbxRLUzRNNNW0u/URX4rcxBvzAQ/Dikn5wX5z1Tl2t6 tfUo7Z6QYex3VwzPXbFcWWm6QQACoRPRmh16UK4/lWwvo0faa9f2usX3u+bIowWF rArW6BygAPlXiIuAnhE7aBlazRMiDQ== =Bawx -----END PGP SIGNATURE-----