Mageia Advisory: MGASA-2014-0065 - Updated varnish packages fix CVE-2013-4484 and correct service behaviour

Updated varnish packages fix CVE-2013-4484 and correct service behaviour

Publication date: 13 Feb 2014
Modification date: 13 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-4484

Description

Updated varnish packages fix security vulnerabilities:

Varnish before 3.0.5 allows remote attackers to cause a denial of service
(child-process crash and temporary caching outage) via a GET request with
trailing whitespace characters and no URI (CVE-2013-4484).

Also, the services have been converted from SysV init scripts to systemd-
native services, which should allow for more consistent behavior.

References

http://lists.opensuse.org/opensuse-updates/2013-11/msg00029.html
https://bugs.mageia.org/show_bug.cgi?id=11678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4484

SRPMS

4/core

varnish-3.0.3-12.1.mga4

3/core

varnish-3.0.3-7.5.mga3

Advisories » MGASA-2014-0065

Updated varnish packages fix CVE-2013-4484 and correct service behaviour

Description

References

SRPMS

4/core

3/core