Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu 7372-1: Varnish Security Advisory Updates

ubuntu
Calendar Grey March 26, 2025
Dist Ubuntu Esm H88
Varnish security issue may lead to unintended access. Updates available for Ubuntu 22.04, 20.04, and 18.04.
Varnish could allow unintended access to network services.

Summary

Varnish could allow unintended access to network services.

Software Description:

- varnish: state of the art, high-performance web accelerator

Details:

Martin van Kervel Smedshammer discovered that Varnish did not properly

sanitize certain HTTP headers. A remote attacker could possibly use this

issue to perform a cross-site request forgery (CSRF) attack.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   libvarnishapi2                  6.6.1-1ubuntu0.2+esm1
                                   Available with Ubuntu Pro
   varnish                         6.6.1-1ubuntu0.2+esm1
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   libvarnishapi2                  6.2.1-2ubuntu0.2+esm1
                                   Available with Ubuntu Pro
   varnish                         6.2.1-2ubuntu0.2+esm1
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   libvarnishapi1                  5.2.1-1ubuntu0.1+esm1
                                   Available with Ubuntu Pro
   varnish                         5.2.1-1ubuntu0.1+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7372-1

  CVE-2022-45060

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7372-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here