trafficserver-users mailing list archives

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	Bryan Call <bc...@apache.org>
Subject	[ANNOUNCE] Apache Traffic Server ESI plugin has a memory disclosure vulnerability
Date	Wed, 02 Dec 2020 19:19:34 GMT
Description: The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. CVE: CVE-2020-17508 Vendor: The Apache Software Foundation Version Affected: ATS 6.0.0 to 6.2.3 ATS 7.0.0 to 7.1.11 ATS 8.0.0 to 8.1.0 Mitigation: 6.x users should upgrade to 7.1.12, 8.1.1, or later versions 7.x users should upgrade to 7.1.12 or later versions 8.x users should upgrade to 8.1.1 or later versions References: Downloads: https://trafficserver.apache.org/downloads <https://trafficserver.apache.org/downloads> (Please use backup sites from the link only if the mirrors are unavailable) CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17508 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17508> -Bryan
Mime	Unnamed multipart/alternative (inline, None, 0 bytes) Unnamed text/plain (inline, Quoted Printable, 789 bytes) Unnamed text/html (inline, Quoted Printable, 5433 bytes)
	View raw message