Advisories » MGASA-2016-0150

Updated varnish packages fix CVE-2015-8852

Publication date: 25 Apr 2016
Modification date: 25 Apr 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8852

Description

Updated varnish packages fix security vulnerabilities:

Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse
proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache
poisoning or bypassing of access control policies (CVE-2015-8852).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18244
• https://www.debian.org/security/2016/dsa-3553
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8852

SRPMS

5/core

• varnish-3.0.3-19.1.mga5