Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2020-4756

Опубликовано: 10 нояб. 2020
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2020-4756: varnish:6 security, bug fix, and enhancement update (MODERATE)

varnish [6.0.6-2]

  • new version 6.0.6
  • Resolves: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS
  • Resolves: #1790907 - CVE-2019-20637 varnish: not clearing pointer between two client requests leads to information disclosure
  • Resolves: #1763958 - CVE-2019-15892 varnish:6/varnish: denial of service handling certain crafted HTTP/1 requests

varnish-modules [0.15.0-5]

  • Related: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module varnish:6 is enabled

varnish

6.0.6-2.module+el8.3.0+7653+45014445

varnish-devel

6.0.6-2.module+el8.3.0+7653+45014445

varnish-docs

6.0.6-2.module+el8.3.0+7653+45014445

varnish-modules

0.15.0-5.module+el8.3.0+7653+45014445

Oracle Linux x86_64

Module varnish:6 is enabled

varnish

6.0.6-2.module+el8.3.0+7653+45014445

varnish-devel

6.0.6-2.module+el8.3.0+7653+45014445

varnish-docs

6.0.6-2.module+el8.3.0+7653+45014445

varnish-modules

0.15.0-5.module+el8.3.0+7653+45014445

Связанные CVE

CVE-2019-20637
CVE-2019-15892
CVE-2020-11653

Ссылки на источники

Связанные уязвимости

rocky логотип

RLSA-2020:4756

rocky
около 5 лет назад

Moderate: varnish:6 security, bug fix, and enhancement update

suse-cvrf логотип

openSUSE-SU-2020:0808-1

suse-cvrf
больше 5 лет назад

Security update for varnish

ubuntu логотип

CVE-2019-20637

CVSS3: 7.5
ubuntu
больше 5 лет назад

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

redhat логотип

CVE-2019-20637

CVSS3: 3.1
redhat
около 6 лет назад

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

nvd логотип

CVE-2019-20637

CVSS3: 7.5
nvd
больше 5 лет назад

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.