Updated varnish packages fix security vulnerabilities: Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI (CVE-2013-4484). Also, the services have been converted from SysV init scripts to systemd- native services, which should allow for more consistent behavior.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | varnish | < 3.0.3-7.5 | varnish-3.0.3-7.5.mga3 |
Mageia | 4 | noarch | varnish | < 3.0.3-12.1 | varnish-3.0.3-12.1.mga4 |