Stay Secure with the Latest Linux Advisories

security advisoryFedorabugfix

Fedora 21: 2015-4079 Moderate: Varnish Content-Length Issue Fix

This update fixes a bug trigged by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread. New upstream release. A bugfix release. Highlights from the changelog: * 26 reported bugs fixed. * Replaced objects are now expired immediately, instead of kept around until expiry.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-4079 2015-03-18 05:57:45 -------------------------------------------------------------------------------- Name : varnish Product : Fedora 21 Version : 4.0.3 Release : 3.fc21 URL : http://vinyl-cache.org/ Summary : High-performance HTTP accelerator Description : This is Varnish Cache, a high-performance HTTP accelerator. Documentation wiki and additional information about Varnish is available on the following web site: http://vinyl-cache.org/ -------------------------------------------------------------------------------- Update Information: This update fixes a bug trigged by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread. New upstream release. A bugfix release. Highlights from the changelog: * 26 reported bugs fixed. * Replaced objects are now expired immediately, instead of kept around until expiry. * Memory usage on chunked backend responses is lower Fore a detailed list of changes, please see the project's announcement at -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 13 2015 Ingvar Hagelund 4.0.3-3 - Added a patch fixing a crash on bogus content-length header, closing #1200034 * Fri Mar 6 2015 Ingvar Hagelund 4.0.3-2 - Added selinux module for varnish4 on el6 * Thu Mar 5 2015 Ingvar Hagelund 4.0.3-1 - New upstream release - Removed systemd patch included upstream - Rebased trivial Werr-patch for varnish-4.0.3 - Added patch to build on el5 * Tue Nov 25 2014 Ingvar Hagelund 4.0.2-1 - New upstream release - Rebasedsphinx makefile patch - Added systemd services patch from Federico Schwindt * Mon Aug 18 2014 Fedora Release Engineering - 4.0.1-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1200034 - varnish: heap-based buffer overflow in backend server HTTP response parsing https://bugzilla.redhat.com/show_bug.cgi?id=1200034 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update varnish' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . This release tackles a data-size concern in Varnish, correcting flaws and minimizing RAM consumption in Fedora 21.. Varnish Update,Fedora Security,HTTP Accelerator Bugfix. . LinuxSecurity.com Team

Apr 11, 2015 Fedora