drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in Varnish
Name: |
Denial of Service in Varnish |
|
ID: |
FEDORA-2015-4079 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 21 |
|
Datum: |
Sa, 11. April 2015, 16:10 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Varnish |
|
Originalnachricht |
Name : varnish Product : Fedora 21 Version : 4.0.3 Release : 3.fc21 URL : http://www.varnish-cache.org/ Summary : High-performance HTTP accelerator Description : This is Varnish Cache, a high-performance HTTP accelerator. Documentation wiki and additional information about Varnish is available on the following web site: http://www.varnish-cache.org/
------------------------------------------------------------------------------- - Update Information:
This update fixes a bug trigged by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread.
New upstream release. A bugfix release.
Highlights from the changelog:
* 26 reported bugs fixed.
* Replaced objects are now expired immediately, instead of kept around until expiry.
* Memory usage on chunked backend responses is lower
Fore a detailed list of changes, please see the project's announcement at https://www.varnish-cache.org/content/varnish-cache-403 ------------------------------------------------------------------------------- - ChangeLog:
* Fri Mar 13 2015 Ingvar Hagelund <ingvar@redpill-linpro.com> 4.0.3-3 - Added a patch fixing a crash on bogus content-length header, closing #1200034 * Fri Mar 6 2015 Ingvar Hagelund <ingvar@redpill-linpro.com> 4.0.3-2 - Added selinux module for varnish4 on el6 * Thu Mar 5 2015 Ingvar Hagelund <ingvar@redpill-linpro.com> 4.0.3-1 - New upstream release - Removed systemd patch included upstream - Rebased trivial Werr-patch for varnish-4.0.3 - Added patch to build on el5 * Tue Nov 25 2014 Ingvar Hagelund <ingvar@redpill-linpro.com> 4.0.2-1 - New upstream release - Rebased sphinx makefile patch - Added systemd services patch from Federico Schwindt * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.1-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1200034 - varnish: heap-based buffer overflow in backend server HTTP response parsing https://bugzilla.redhat.com/show_bug.cgi?id=1200034 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update varnish' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|