Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2020:4756

Опубликовано: 03 нояб. 2020
Источник: rocky
Оценка: Moderate

Описание

Moderate: varnish:6 security, bug fix, and enhancement update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

The following packages have been upgraded to a later upstream version: varnish (6.0.6). (BZ#1795673)

Security Fix(es):

  • varnish: denial of service handling certain crafted HTTP/1 requests (CVE-2019-15892)

  • varnish: remote clients may cause Varnish to assert and restart which could result in DoS (CVE-2020-11653)

  • varnish: not clearing pointer between two client requests leads to information disclosure (CVE-2019-20637)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
varnishx86_642.module+el8.3.0+179+20b582ccvarnish-6.0.6-2.module+el8.3.0+179+20b582cc.x86_64.rpm
varnish-develx86_642.module+el8.3.0+179+20b582ccvarnish-devel-6.0.6-2.module+el8.3.0+179+20b582cc.x86_64.rpm
varnish-docsx86_642.module+el8.3.0+179+20b582ccvarnish-docs-6.0.6-2.module+el8.3.0+179+20b582cc.x86_64.rpm
varnish-modulesx86_645.module+el8.3.0+179+20b582ccvarnish-modules-0.15.0-5.module+el8.3.0+179+20b582cc.x86_64.rpm

Показывать по

Связанные CVE

CVE-2019-15892
CVE-2019-20637
CVE-2020-11653

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2020-4756

oracle-oval
около 5 лет назад

ELSA-2020-4756: varnish:6 security, bug fix, and enhancement update (MODERATE)

suse-cvrf логотип

openSUSE-SU-2020:0808-1

suse-cvrf
больше 5 лет назад

Security update for varnish

ubuntu логотип

CVE-2019-15892

CVSS3: 7.5
ubuntu
больше 6 лет назад

An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.

redhat логотип

CVE-2019-15892

CVSS3: 7.5
redhat
больше 6 лет назад

An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.

nvd логотип

CVE-2019-15892

CVSS3: 7.5
nvd
больше 6 лет назад

An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.