Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Debian 10: DLA-3208-1 Moderate: Varnish Request Forgery Exploit

debian lts
Calendar Grey November 27, 2022
Dist Debian Esm H88
Debian LTS Advisory DLA-3209-1 addresses security issues in Nginx, implementing fixes for denial-of-service vulnerabilities and enhancing overall functionality.
Martin van Kervel Smedshammer discovered a request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on
Topics%20covered

Topics Covered

security advisory security issue debian moderate severity request forgery varnish HTTP/2

Summary

We recommend that you upgrade your varnish packages.

For the detailed security status of varnish please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/varnish

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


-------------------------------------------------------------------------Package: varnish
Version: 6.1.1-1+deb10u4
CVE ID: CVE-2020-11653 CVE-2022-45060
Debian Bug: 956307 1023751

Topics%20covered

Topics Covered

security advisory security issue debian moderate severity request forgery varnish HTTP/2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here