FEDORA-2017-5525b6cb5a

security update in Fedora 26 for varnish

Status: stable 2 years ago

Security fix for CVE-2017-8807: This fixes a possible data leak in stevedore transient objects in varnishd.

Upstream reports: "It is not inconceiveable that an attack can provoke this situation on vulnerable varnishd instances, where the leaked memory contains confidential data and therefore we have classified this as a security vulnerability."

How to install

sudo dnf upgrade --advisory=FEDORA-2017-5525b6cb5a

Comments 6

This update has been submitted for testing by ingvar.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by ingvar.

This update has been submitted for stable by ingvar.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 3

00 #1512798 Invalid bug number
00 #1513523 CVE-2017-8807 varnish: Data leak - ‘-sfile’ Stevedore transient objects
00 #1513524 CVE-2017-8807 varnish: Data leak - ‘-sfile’ Stevedore transient objects [fedora-all]

Automated Test Results