Fedora 21: varnish Security Update

    Date: 11 Apr 2015
    Category: Fedora
    Posted By: LinuxSecurity Advisories
    This update fixes a bug triggered by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread. New upstream release. A bugfix release. Highlights from the changelog: * 26 reported bugs fixed. * Replaced objects are now expired immediately, instead of kept around until expiry.
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2015-4079
    2015-03-18 05:57:45
    --------------------------------------------------------------------------------
    
    Name        : varnish
    Product     : Fedora 21
    Version     : 4.0.3
    Release     : 3.fc21
    URL         : http://www.varnish-cache.org/
    Summary     : High-performance HTTP accelerator
    Description :
    This is Varnish Cache, a high-performance HTTP accelerator.
    Documentation wiki and additional information about Varnish is
    available on the following web site: http://www.varnish-cache.org/
    
    --------------------------------------------------------------------------------
    Update Information:
    
    This update fixes a bug triggered by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread.
    
    
    New upstream release. A bugfix release.
    
    Highlights from the changelog: 
    * 26 reported bugs fixed.
    * Replaced objects are now expired immediately, instead of kept around until expiry.
    * Memory usage on chunked backend responses is lower.
    
    For a detailed list of changes, please see the project's announcement at https://www.varnish-cache.org/content/varnish-cache-403
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Fri Mar 13 2015 Ingvar Hagelund  4.0.3-3
    - Added a patch fixing a crash on bogus content-length header,
      closing #1200034
    * Fri Mar  6 2015 Ingvar Hagelund  4.0.3-2
    - Added selinux module for varnish4 on el6
    * Thu Mar  5 2015 Ingvar Hagelund  4.0.3-1
    - New upstream release
    - Removed systemd patch included upstream
    - Rebased trivial Werr-patch for varnish-4.0.3
    - Added patch to build on el5
    * Tue Nov 25 2014 Ingvar Hagelund  4.0.2-1
    - New upstream release
    - Rebased sphinx makefile patch
    - Added systemd services patch from Federico Schwindt
    * Mon Aug 18 2014 Fedora Release Engineering  - 4.0.1-2.1
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1200034 - varnish: heap-based buffer overflow in backend server HTTP response parsing
            https://bugzilla.redhat.com/show_bug.cgi?id=1200034
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use
    su -c 'yum update varnish' at the command line.
    For more information, refer to "Managing Software with yum",
    available at http://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list
    https://admin.fedoraproject.org/mailman/listinfo/package-announce
    