Description
Security update for varnish
This update for varnish fixes the following issues:
- CVE-2019-20637: Fixed an information leak when handling one client request and the next on the same connection (boo#1169040)
- CVE-2020-11653: Fixed a performance loss due to an assertion failure and daemon restart when communicating with a TLS termination proxy that uses PROXY version 2 (boo#1169039)
Package list
openSUSE Leap 15.1
References
- E-Mail link for openSUSE-SU-2020:0808-1
- SUSE Security Ratings
- SUSE Bug 1169039
- SUSE Bug 1169040
- SUSE CVE CVE-2019-20637 page
- SUSE CVE CVE-2020-11653 page
Description
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.
Affected products
References
- CVE-2019-20637
- SUSE Bug 1169040
Description
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.
Affected products
References
- CVE-2020-11653
- SUSE Bug 1169039