CVE-2018-1318 — trafficserver - security update

Description

Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

How to fix CVE-2018-1318

To remediate CVE-2018-1318, upgrade the affected package to a fixed version below.

—upgrade to 7.1.4+ds-1 or later
—upgrade to 7.0.0-6+deb9u2 or later

Is CVE-2018-1318 being exploited?

Moderate — EPSS is 14.6%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 7.1.4+ds-1
from 0, < 7.0.0-6+deb9u2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-1318