Advisories » MGASA-2017-0253

Updated varnish packages fix security vulnerability

Publication date: 09 Aug 2017
Modification date: 09 Aug 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-12425

Description

A denial of service vulnerability was discovered in Varnish, a state of
the art, high-performance web accelerator. Specially crafted HTTP
requests can cause the Varnish daemon to assert and restart, clearing
the cache in the process (CVE-2017-12425).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21449
• https://security-tracker.debian.org/tracker/CVE-2017-12425
• https://www.debian.org/security/2017/dsa-3924
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12425

SRPMS

6/core

• varnish-5.0.0-3.1.mga6