4 matches found
Fedora 26 : varnish (2017-8f4fba5afa)
New upstream release. This is a security release with a fix for CVE-2017-12425, a crash bug that might be used in a denial of service attack. Details from the upstream project are found here: http://varnish-cache.org/security/VSV00001.html Note that Tenable Network Security has extracted the...
CVE-2017-12425
An integer overflow flaw, leading to assertion failure, was found in the way Varnish handled chunk sizes in HTTP requests. A remote attacker could use this flaw to make the Varnish daemon restart unexpectedly due to an assertion failure by sending a specially crafted HTTP request...
CVE-2017-12425
Varnish HTTP Cache contains a denial-of-service vulnerability (CVE-2017-12425) due to a wrong if statement in varnishd that can cause an assertion when processing invalid client requests. This bug affects multiple releases: 4.0.1–4.0.4, 4.1.0–4.1.7, 5.0.0, and 5.1.0–5.1.2. Exploitation leads to t...
Debian DSA-3924-1 : varnish - security update
A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process. See https://varnish-cache.org/security/VSV00001.html for detail...