FEDORA-EPEL-2017-56ca95fe85 created by ingvar 2 years ago for Fedora EPEL 7
stable

New upstream release. This is a security release, with a fix for a crash bug that might be used in a denial of service attack. Details from the upstream project are found here:

http://varnish-cache.org/security/VSV00001.html

This update has been submitted for testing by ingvar.

2 years ago

ingvar edited this update.

2 years ago
User Icon puiterwijk commented & provided feedback 2 years ago
karma

This update is working fine on the Fedora Infrastructure (I'm submitting this bodhi comment through it!).

BZ#1477222 CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests
BZ#1477699 CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests [epel-all]

ingvar edited this update.

2 years ago
User Icon anonymous commented & provided feedback 2 years ago

karma: +1

BZ#1477222 CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests
BZ#1477699 CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests [epel-all]
User Icon dridi commented & provided feedback 2 years ago
karma

Tested with mock on f25 before and after the update. It no longer panics.

BZ#1477222 CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests
BZ#1477699 CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests [epel-all]

This update has been pushed to testing.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago
User Icon ingvar commented & provided feedback 2 years ago

This is a security release with a fix for CVE-2017-12425.


Please login to add feedback.

Metadata
Type
security
Severity
urgent
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
2
Stable by Time
disabled
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1477222 CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests
0
3
BZ#1477699 CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests [epel-all]
0
3

Automated Test Results