Stay Secure with the Latest Linux Advisories

security advisorysoftware updateFedora

Fedora 42: Varnish Update - Low Risk Client-Side Desynchronization

Security: This update includes fix for VSV00015 aka CVE-2025-30346. Upstream considers this a low risk problem. For details, refer to cache.org/security/VSV00015.html.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-b7f0c55e00 2025-04-11 18:19:12.061289+00:00 -------------------------------------------------------------------------------- Name : varnish Product : Fedora 42 Version : 7.6.1 Release : 5.fc42 URL : cache.org// Summary : High-performance HTTP accelerator Description : This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don’t have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a significant speed up. Documentation wiki and additional information about Varnish Cache is available on: cache.org// -------------------------------------------------------------------------------- Update Information: Security: This update includes fix for VSV00015 aka CVE-2025-30346. Upstream considers this a low risk problem. For details, refer to cache.org/security/VSV00015.html. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 24 2025 Ingvar Hagelund - 7.6.1-5 - Added fix prohibiting build on s390x * Mon Mar 24 2025 Ingvar Hagelund - 7.6.1-4 - Added security patch VSV00015 aka CVE-2025-30346, rhbz#2354008 * Sun Jan 19 2025 Fedora Release Engineering - 7.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2354008 - CVE-2025-30346 varnish: Client-Side Desynchronization in Varnish Cache https://bugzilla.redhat.com/show_bug.cgi?id=2354008 -------------------------------------------------------------------------------- This update can be installed with the "dnf"update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b7f0c55e00' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- . The latest Varnish update addresses a minor client-side desynchronization bug. Please refer to the documentation for installation guidance.. Varnish Cache Update, Fedora Security Fix, HTTP Accelerator Patch, Low Risk Vulnerability. . Severity: Low. LinuxSecurity.com Team

Apr 11, 2025 •Low Fedora