OESA-2021-1437

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1437
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1437.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1437
Published
2021-11-19T11:03:21Z
Modified
2025-08-12T05:09:25.209904Z
Summary
trafficserver security update
Details

Apache Traffic Server is an open source HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache.

Security Fix(es):

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0. (CVE-2021-37147)

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0. (CVE-2021-37149)

Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0. (CVE-2021-41585)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0. (CVE-2021-43082)

Database specific
{
    "severity": "Critical"
}
Affected packages

openEuler:20.03-LTS-SP1 / trafficserver

Package

Name
trafficserver
Purl
pkg:rpm/openEuler/trafficserver&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.1.0-4.oe1

Ecosystem specific

{
    "x86_64": [
        "trafficserver-9.1.0-4.oe1.x86_64.rpm",
        "trafficserver-devel-9.1.0-4.oe1.x86_64.rpm",
        "trafficserver-debuginfo-9.1.0-4.oe1.x86_64.rpm",
        "trafficserver-debugsource-9.1.0-4.oe1.x86_64.rpm",
        "trafficserver-perl-9.1.0-4.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "trafficserver-9.1.0-4.oe1.aarch64.rpm",
        "trafficserver-debuginfo-9.1.0-4.oe1.aarch64.rpm",
        "trafficserver-devel-9.1.0-4.oe1.aarch64.rpm",
        "trafficserver-debugsource-9.1.0-4.oe1.aarch64.rpm",
        "trafficserver-perl-9.1.0-4.oe1.aarch64.rpm"
    ],
    "src": [
        "trafficserver-9.1.0-4.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / trafficserver

Package

Name
trafficserver
Purl
pkg:rpm/openEuler/trafficserver&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.1.0-4.oe1

Ecosystem specific

{
    "x86_64": [
        "trafficserver-devel-9.1.0-4.oe1.x86_64.rpm",
        "trafficserver-debuginfo-9.1.0-4.oe1.x86_64.rpm",
        "trafficserver-debugsource-9.1.0-4.oe1.x86_64.rpm",
        "trafficserver-9.1.0-4.oe1.x86_64.rpm",
        "trafficserver-perl-9.1.0-4.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "trafficserver-devel-9.1.0-4.oe1.aarch64.rpm",
        "trafficserver-9.1.0-4.oe1.aarch64.rpm",
        "trafficserver-perl-9.1.0-4.oe1.aarch64.rpm",
        "trafficserver-debuginfo-9.1.0-4.oe1.aarch64.rpm",
        "trafficserver-debugsource-9.1.0-4.oe1.aarch64.rpm"
    ],
    "src": [
        "trafficserver-9.1.0-4.oe1.src.rpm"
    ]
}