drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in Varnish
Name: |
Denial of Service in Varnish |
|
ID: |
DSA-3924-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie, Debian stretch |
|
Datum: |
Mi, 2. August 2017, 15:03 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Varnish |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3924-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 02, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : varnish CVE ID : not yet assigned Debian Bug : 870467
A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process.
See https://varnish-cache.org/security/VSV00001.html for details.
For the oldstable distribution (jessie), this problem has been fixed in version 4.0.2-1+deb8u1.
For the stable distribution (stretch), this problem has been fixed in version 5.0.0-7+deb9u1.
We recommend that you upgrade your varnish packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmBvk5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RtGA/+NEunyyxt3JyeKMnigZQ/OHC3Q/mAe88/PWbr+J11/pl7Gj8M8EMhbMRW A20e5B8QUmmcY5X0nwlqegbhVWTTSSMHfOUIcqT6BXPQ1wymeJ/ofSUGAudF0lG2 bzEidgK0MPFDScExy8P+fj/EnFoqeU0ChCAGe7TPGUJLumI/+KD72xoqltqfkSOK D6AgOeHdfbXD1g9gM11oqHvhQJoIVRIOrJyLB3v8fBmWWfqbyUWilxEj2JUXmweB ZsxMq17nwGbTXEeY8GMzTb9RwB3+IwFiAq6+UGtTaKoxszz3gmHe4Z5VBKyWuQuc a8caoLG5J2GLPCM517JfFy7AkeSiCTWKiBHVX8NMudo9eUeyfHwehcMmlOtaKYpT VIeLc8VkToRoBR8orU04koo9QYpF502K2+IjOYFGhOKLJPE4xyduU0/i6UOfIvXG PvR/SsUlgDxHElOebWBeN2tyNKDAdG7sHhxUaC2+mXveagzxhV4KfxHuL0QisCj3 LkJujSb+m3iC9+AsFwQr0X4D3sSRr7fP++KX6QCEjx7jPDu/IH+SfdUBX8Nmnv5W jK14bbV6ZHZNaPR+vFhQ1vJ3JkR/7Q5OdlTIDTxH6ByeE8/pOmzSsDq1V2arrigY stNFzbcRUt4HWbpu/pOvkwBEe6HcknR/rr1nRyS29icFjCBx79s= =wTIN -----END PGP SIGNATURE-----
|
|
|
|