Lucene search
UbuntuUSN-5474-1HistoryJun 08, 2022 - 12:00 a.m.
Varnish Cache vulnerabilities
2022-06-0800:00:00
ubuntu.com
101
Releases
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
Packages
- varnish - state of the art, high-performance web accelerator
Details
It was dicovered that Varnish Cache did not clear a pointer between the
handling of one client request and the next request within the same connection.
A remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2019-20637)
It was discovered that Varnish Cache could have an assertion failure when a
TLS termination proxy uses PROXY version 2. A remote attacker could possibly
use this issue to restart the daemon and cause a performance loss.
(CVE-2020-11653)
It was discovered that Varnish Cache allowed request smuggling and VCL
authorization bypass via a large Content-Length header for a POST
request. A remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2021-36740)
It was discovered that Varnish Cache allowed request smuggling for HTTP/1
connections. A remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2022-23959)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.04 | noarch | varnish | <Â 6.6.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libvarnishapi-dev | <Â 6.6.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libvarnishapi2 | <Â 6.6.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libvarnishapi2-dbgsym | <Â 6.6.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | varnish-dbgsym | <Â 6.6.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | varnish-doc | <Â 6.6.1-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 21.10 | noarch | varnish | <Â 6.5.2-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 21.10 | noarch | libvarnishapi-dev | <Â 6.5.2-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 21.10 | noarch | libvarnishapi2 | <Â 6.5.2-1ubuntu0.2 | UNKNOWN |
| Ubuntu | 21.10 | noarch | libvarnishapi2-dbgsym | <Â 6.5.2-1ubuntu0.2 | UNKNOWN |
Related
osv
osv
varnish vulnerabilities
2022-06-08 19:20:14
varnish - security update
2022-03-03 00:00:00
Moderate: varnish:6 security, bug fix, and enhancement update
2020-11-03 12:33:31
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Varnish Cache vulnerabilities (USN-5474-1)
2022-06-09 00:00:00
openSUSE Security Update : varnish (openSUSE-2020-808)
2020-07-20 00:00:00
openSUSE 15 Security Update : varnish (openSUSE-SU-2022:0148-1)
2022-05-28 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5474-1)
2022-06-09 00:00:00
openSUSE: Security Advisory for varnish (openSUSE-SU-2020:0808-1)
2020-06-17 00:00:00
Debian: Security Advisory (DSA-5088-1)
2022-03-05 00:00:00
suse
suse
Security update for varnish (moderate)
2020-06-16 00:00:00
Security update for varnish (moderate)
2020-06-16 00:00:00
Security update for varnish (important)
2022-05-27 00:00:00
debian
debian
[SECURITY] [DSA 5088-1] varnish security update
2022-03-03 19:57:43
[SECURITY] [DLA 2920-1] varnish security update
2022-02-14 00:34:09
[SECURITY] [DLA 3208-1] varnish security update
2022-11-27 22:35:23
rocky
rocky
varnish:6 security, bug fix, and enhancement update
2020-11-03 12:33:31
varnish:6 security update
2021-08-02 14:30:38
varnish:6 security update
2022-02-03 09:29:24
almalinux
almalinux
Moderate: varnish:6 security, bug fix, and enhancement update
2020-11-03 12:33:31
Important: varnish:6 security update
2021-08-02 14:30:38
Important: varnish:6 security update
2022-02-03 09:29:24
redhat
redhat
(RHSA-2021:2988) Important: varnish:6 security update
2021-08-02 14:30:38
(RHSA-2021:2993) Important: rh-varnish6-varnish security update
2021-08-03 08:11:12
oraclelinux
oraclelinux
varnish:6 security, bug fix, and enhancement update
2020-11-10 00:00:00
varnish:6 security update
2021-08-03 00:00:00
varnish:6 security update
2022-02-03 00:00:00
prion
prion
Cross site request forgery (csrf)
2020-04-08 23:15:00
Design/Logic Flaw
2022-01-26 01:15:00
Design/Logic Flaw
2020-04-08 23:15:00
cvelist
cvelist
redhatcve
redhatcve
veracode
veracode
Denial Of Service (DoS)
2022-12-10 03:15:38
HTTP Request Smuggling (HRS)
2022-01-29 17:51:52
Authorization Bypass
2021-07-19 00:55:44
ubuntucve
ubuntucve
mageia
mageia
Updated varnish packages fix a security vulnerability
2021-07-28 23:00:51
Updated varnish packages fix security vulnerability
2022-02-22 23:15:16
cve
cve
fedora
fedora
[SECURITY] Fedora 35 Update: varnish-modules-0.18.0-5.fc35
2022-02-16 01:28:31
[SECURITY] Fedora 34 Update: varnish-6.5.2-1.fc34
2021-07-25 01:03:42
[SECURITY] Fedora 34 Update: varnish-modules-0.17.1-2.fc34
2021-07-25 01:03:43
debiancve
debiancve
freebsd
freebsd
varnish -- Request Smuggling Vulnerability
2022-01-25 00:00:00
archlinux
archlinux
[ASA-202107-28] varnish: url request injection
2021-07-14 00:00:00
alpinelinux
alpinelinux
CVE-2021-36740
2021-07-14 17:15:00
CVE-2022-23959
2022-01-26 01:15:00
ubuntu
ubuntu
Varnish Cache regression
2022-08-23 00:00:00
amazon
amazon
Important: varnish
2022-08-15 18:37:00