Denial of Service in Varnish
ID: | FEDORA-2015-4063 |
Distribution: | Fedora |
Plattformen: | Fedora 22 |
Datum: | Mo, 23. März 2015, 10:36 |
Referenzen: | https://bugzilla.redhat.com/show_bug.cgi?id=1200034 |
Applikationen: | Varnish |
Originalnachricht |
|
Name : varnish Product : Fedora 22 Version : 4.0.3 Release : 3.fc22 URL : http://www.varnish-cache.org/ Summary : High-performance HTTP accelerator Description : This is Varnish Cache, a high-performance HTTP accelerator. Documentation wiki and additional information about Varnish is available on the following web site: http://www.varnish-cache.org/ -------------------------------------------------------------------------------- Update Information: Added an update that fixes a bug trigged by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread. New upstream release. A bugfix release. Highlights from the changelog: * 26 reported bugs fixed. * Replaced objects are now expired immediately, instead of kept around until expiry. * Memory usage on chunked backend responses is lower Fore a detailed list of changes, please see the project's announcement at https://www.varnish-cache.org/content/varnish-cache-403 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1200034 - varnish: heap-based buffer overflow in backend server HTTP response parsing https://bugzilla.redhat.com/show_bug.cgi?id=1200034 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update varnish' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce |