MGASA-2022-0079 - Updated varnish packages fix security vulnerability

Publication date: 22 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0079.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-23959

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS
before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before
4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1
connections. (CVE-2022-23959)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30048
- https://www.debian.org/lts/security/2022/dla-2920
- https://docs.varnish-software.com/security/VSV00008/
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959

SRPMS:
- 8/core/varnish-6.5.1-1.2.mga8