Advisories ยป MGASA-2014-0065

Updated varnish packages fix CVE-2013-4484 and correct service behaviour

Publication date: 13 Feb 2014
Modification date: 13 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-4484

Description

Updated varnish packages fix security vulnerabilities:

Varnish before 3.0.5 allows remote attackers to cause a denial of service
(child-process crash and temporary caching outage) via a GET request with
trailing whitespace characters and no URI (CVE-2013-4484).

Also, the services have been converted from SysV init scripts to systemd-
native services, which should allow for more consistent behavior.
                

References

SRPMS

4/core

3/core