[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396

From:	Bryan Call <bcall@apache.org>
To:	dev <dev@trafficserver.apache.org>,users@trafficserver.apache.org,announce@trafficserver.apache.org,security@trafficserver.apache.org,oss-security@lists.openwall.com,bugtraq@securityfocus.com,Masaori Koshiba <masaori@apache.org>
Cc:
Subject:	[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396
Date:	Mon, 17 April 2017 23:09 GMT

There is a vulnerability in ATS with the HPACK Bomb Attack that can lead to a DoS.  Versions 6.0.0 to 6.2.0 are affected.  Please upgrade to ATS 6.2.1 or 7.0.0.

Downloads:
       https://trafficserver.apache.org/downloads

Jira Ticket:
   ttps://issues.apache.org/jira/browse/TS-5019

CVE
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5396

-Bryan

Site Navigation