Описание
Security update for varnish
This update for varnish fixes the following issues:
Update to release 7.1.1:
- CVE-2022-38150: Resolve a denial of service attack involving reason phrases (boo#1202350).
Список пакетов
SUSE Package Hub 15 SP4
libvarnishapi3-7.1.1-bp154.2.6.1
varnish-7.1.1-bp154.2.6.1
varnish-devel-7.1.1-bp154.2.6.1
openSUSE Leap 15.4
libvarnishapi3-7.1.1-bp154.2.6.1
varnish-7.1.1-bp154.2.6.1
varnish-devel-7.1.1-bp154.2.6.1
Ссылки
- E-Mail link for openSUSE-SU-2022:10104-1
- SUSE Security Ratings
- SUSE Bug 1202350
- SUSE CVE CVE-2022-38150 page
Описание
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.
Затронутые продукты
SUSE Package Hub 15 SP4:libvarnishapi3-7.1.1-bp154.2.6.1
SUSE Package Hub 15 SP4:varnish-7.1.1-bp154.2.6.1
SUSE Package Hub 15 SP4:varnish-devel-7.1.1-bp154.2.6.1
openSUSE Leap 15.4:libvarnishapi3-7.1.1-bp154.2.6.1
Ссылки
- CVE-2022-38150
- SUSE Bug 1202350