Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

Ubuntu 20.04 LTS USN-5474-2: Varnish Cache Restart Due To Crafted Input

ubuntu
Calendar Grey August 24, 2022
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-5474-3 addresses a restart problem with Varnish Cache due to manipulated input impacting Ubuntu 22.04 LTS.
Varnish Cache could be made to restart if it received specially crafted input.

Summary

Varnish Cache could be made to restart if it received specially crafted input.

Software Description:

- varnish: state of the art, high-performance web accelerator

Details:

USN-5474-1 fixed vulnerabilities in Varnish Cache. Unfortunately the fix for

CVE-2020-11653 was incomplete. This update fixes the problem.

Original advisory details:

It was discovered that Varnish Cache could have an assertion failure when a

TLS termination proxy uses PROXY version 2. A remote attacker could possibly

use this issue to restart the daemon and cause a performance loss.

(CVE-2020-11653)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  libvarnishapi2                  6.2.1-2ubuntu0.2
  varnish                         6.2.1-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5474-1

CVE-2020-11653

Severity
important
Lowest
Low
Medium
High
Critical

August 23, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.