Mageia Advisory: MGASA-2020-0025 - Updated varnish packages fix security vulnerability

Updated varnish packages fix security vulnerability

Publication date: 07 Jan 2020
Modification date: 07 Jan 2020
Type: security
Affected Mageia releases : 7

Description

Updated varnish packages fix security vulnerability:

A bug has been discovered in Varnish Cache where we fail to clear a
pointer between the handling of one client requests and the next on
the same connection. This can under specific circumstances lead to
information being leaked from the connection workspace (VSV00004).

The varnish package has been updated to version 6.3.1, which includes
many fixes and enhancements. See the upstream documentation for details.

References

https://bugs.mageia.org/show_bug.cgi?id=25960
https://varnish-cache.org/security/VSV00004.html
https://varnish-cache.org/docs/6.3/whats-new/index.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/B3OBLEH47QRUDDGH3YDMJ3SNT3D5LLDB/

SRPMS

7/core

varnish-6.3.1-1.mga7

Advisories » MGASA-2020-0025

Updated varnish packages fix security vulnerability

Description

References

SRPMS

7/core