Advisories » MGASA-2022-0079

Updated varnish packages fix security vulnerability

Publication date: 22 Feb 2022
Modification date: 25 Mar 2026
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-23959

Description

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS
before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before
4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1
connections. (CVE-2022-23959)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30048
• https://www.debian.org/lts/security/2022/dla-2920
• https://docs.varnish-software.com/security/VSV00008/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959

SRPMS

8/core

• varnish-6.5.1-1.2.mga8