- ------------------------------------------------------------------------- Debian Security Advisory DSA-2814-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso December 09, 2013 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : varnish Vulnerability : denial of service Problem type : remote Debian-specific: no CVE ID : CVE-2013-4484 Debian Bug : 728989 A denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator. With some configurations of varnish a remote attacker could mount a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI. For the oldstable distribution (squeeze), this problem has been fixed in version 2.1.3-8+deb6u1. For the stable distribution (wheezy), this problem has been fixed in version 3.0.2-2+deb7u1. For the unstable distribution (sid), this problem has been fixed in version 3.0.5-1. We recommend that you upgrade your varnish packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Debian: DSA-2814-1: varnish security update
A denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator. With some configurations of varnish a remote attacker could mount a denial of service (child-process crash and temporary caching outage) via a GET request with trailing
