varnish -- DoS vulnerability in Varnish HTTP cache

Varnish Cache Project reports:

If Varnish receives a certain illegal request, and the subroutine
‘vcl_error{}’ restarts the request, the varnishd worker process
will crash with an assert.

The varnishd management process will restart the worker process, but
there will be a brief interruption of service and the cache will be
emptied, causing more traffic to go to the backend.

We are releasing this advisory because restarting from vcl_error{} is
both fairly common and documented.
This is purely a denial of service vulnerability, there is no risk of
privilege escalation.
Workaround
Insert this at the top of your VCL file:

	sub vcl_error {
		if (obj.status == 400 || obj.status == 413) {
			return(deliver);
		}
	}

	Or add this test at the top of your existing vcl_error{}.