Security update for varnish (moderate)

ID OPENSUSE-SU-2019:2221-1
Type suse
Reporter Suse
Modified 2019-09-30T21:17:22


This update for varnish fixes the following issues:

Security issue fixed:

  • CVE-2019-15892: Fixed a potential denial of service by sending crafted HTTP/1 requests (boo#1149382).

Non-security issues fixed:

  • Updated the package to release 6.2.1.
  • Added a thread pool watchdog which will restart the worker process if scheduling tasks onto worker threads appears stuck. The new parameter "thread_pool_watchdog" configures it.
  • Disabled error for clobbering, which caused bogus error in varnishtest.

This update was imported from the openSUSE:Leap:15.0:Update update project.