18 matches found
Ubuntu 16.04 ESM : Varnish vulnerability (USN-4824-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4824-1 advisory. It was discovered that Varnish incorrectly handled certain inputs. A remote attacker could possibly use this issue to obtain sensitive information. Tenable has...
Mageia: Security Advisory (MGASA-2017-0435)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 27 : varnish (2017-72b50be8d4)
Security fix for CVE-2017-8807: This fixes a possible data leak in stevedore transient objects in varnishd. Upstream reports: 'It is not inconceiveable that an attack can provoke this situation on vulnerable varnishd instances, where the leaked memory contains confidential data and therefore we...
FreeBSD : varnish -- information disclosure vulnerability (17133e7e-d764-11e7-b5af-a4badb2f4699)
Varnish reports : A wrong if statement in the varnishd source code means that synthetic objects in stevedores which over-allocate, may leak up to page size of data from a malloc3 memory allocation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...
Updated varnish packages fix security vulnerability
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
Fedora Update for varnish FEDORA-2017-5525b6cb5a
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for varnish FEDORA-2017-72b50be8d4
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for varnish FEDORA-2017-8575fbfe90
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 26 : varnish (2017-5525b6cb5a)
Security fix for CVE-2017-8807: This fixes a possible data leak in stevedore transient objects in varnishd. Upstream reports: 'It is not inconceiveable that an attack can provoke this situation on vulnerable varnishd instances, where the leaked memory contains confidential data and therefore we...
Fedora 25 : varnish (2017-8575fbfe90)
Security fix for CVE-2017-8807: This fixes a possible data leak in stevedore transient objects in varnishd. Upstream reports: 'It is not inconceiveable that an attack can provoke this situation on vulnerable varnishd instances, where the leaked memory contains confidential data and therefore we...
[ASA-201711-29] varnish: information disclosure
Arch Linux Security Advisory ASA-201711-29 ========================================== Severity: Medium Date : 2017-11-26 CVE-ID : CVE-2017-8807 Package : varnish Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-502 Summary ======= The package varnish before...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
CVE-2017-8807
Varnish Cache CVE-2017-8807 affects 4.1.x before 4.1.9 and 5.x before 5.2.1. The flaw is in vbf_stp_error in bin/varnishd/cache/cache_fetch.c where a VFP_GetStorage buffer is larger than intended during -sfile Stevedore transient objects, allowing remote attackers to read memory from the process....
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...
Debian DSA-4034-1 : varnish - security update
'shamger' and Carlo Cannas discovered that a programming error in Varnish, a state of the art, high-performance web accelerator, may result in disclosure of memory contents or denial of service. See https://varnish-cache.org/security/VSV00002.html for details. %NASLMINLEVEL 70300 C Tenable Networ...
CVE-2017-8807
vbfstperror in bin/varnishd/cache/cachefetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFPGetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore...