FEDORA-EPEL-2017-56ca95fe85

security update in Fedora EPEL 7 for varnish

Status: stable 2 years ago

New upstream release. This is a security release, with a fix for a crash bug that might be used in a denial of service attack. Details from the upstream project are found here:

http://varnish-cache.org/security/VSV00001.html

How to install

sudo dnf upgrade --advisory=FEDORA-EPEL-2017-56ca95fe85

Comments 10

This update has been submitted for testing by ingvar.

ingvar edited this update.

This update is working fine on the Fedora Infrastructure (I'm submitting this bodhi comment through it!).

karma: +1 #1477222: +1 #1477699: +1

ingvar edited this update.

Tested with mock on f25 before and after the update. It no longer panics.

karma: +1 #1477222: +1 #1477699: +1

This update has been pushed to testing.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

This is a security release with a fix for CVE-2017-12425.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
urgent
Karma
+2
stable threshold: 2
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago
modified 2 years ago

Related Bugs 2

0+3 #1477222 CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests
0+3 #1477699 CVE-2017-12425 varnish: Missing check for integer overflow when handling chunk sizes in HTTP requests [epel-all]

Automated Test Results