FEDORA-2015-4079

security update in Fedora 21 for varnish

Status: stable 4 years ago

This update fixes a bug triggered by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread.

New upstream release. A bugfix release.

Highlights from the changelog:

* 26 reported bugs fixed.
* Replaced objects are now expired immediately, instead of kept around until expiry.
* Memory usage on chunked backend responses is lower

For a detailed list of changes, please see the project's announcement at https://www.varnish-cache.org/content/varnish-cache-403

How to install

sudo dnf upgrade --advisory=FEDORA-2015-4079

Comments 10

This update has been submitted for testing by ingvar.

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/47923/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/47923/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

This update has been pushed to testing

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by ingvar.

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/56824/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

This update has been pushed to stable

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush: Disabled
Dates: submitted 4 years ago, in testing 4 years ago, in stable 4 years ago

Related Bugs 2

#1200034 varnish: heap-based buffer overflow in backend server HTTP response parsing
#1200035 varnish: heap-based buffer overflow in backend server HTTP response parsing [fedora-all]
