|
|
Log in / Subscribe / Register

Mageia alert MGASA-2022-0079 (varnish)



From:
              Mageia Updates <buildsystem-daemon@mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2022-0079: Updated varnish packages fix security vulnerability


Date:
              Tue, 22 Feb 2022 21:16:13 +0100


Message-ID:
              <20220222201613.56561A12C8@duvel.mageia.org>


Archive-link:
              Article


MGASA-2022-0079 - Updated varnish packages fix security vulnerability

Publication date: 22 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0079.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-23959

Description:
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS
before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before
4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1
connections. (CVE-2022-23959)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30048
- https://www.debian.org/lts/security/2022/dla-2920
- https://docs.varnish-software.com/security/VSV00008/
-
https://lists.fedoraproject.org/archives/list/package-ann...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2...

SRPMS:
- 8/core/varnish-6.5.1-1.2.mga8
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds