MGASA-2020-0025 - Updated varnish packages fix security vulnerability

Publication date: 07 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0025.html
Type: security
Affected Mageia releases: 7

Updated varnish packages fix security vulnerability:

A bug has been discovered in Varnish Cache where we fail to clear a
pointer between the handling of one client requests and the next on
the same connection. This can under specific circumstances lead to
information being leaked from the connection workspace (VSV00004).

The varnish package has been updated to version 6.3.1, which includes
many fixes and enhancements. See the upstream documentation for details.

References:
- https://bugs.mageia.org/show_bug.cgi?id=25960
- https://varnish-cache.org/security/VSV00004.html
- https://varnish-cache.org/docs/6.3/whats-new/index.html
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/B3OBLEH47QRUDDGH3YDMJ3SNT3D5LLDB/

SRPMS:
- 7/core/varnish-6.3.1-1.mga7