--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-99c5ddb2ae
2022-11-26 00:45:52.624299
--------------------------------------------------------------------------------
Name : varnish
Product : Fedora 35
Version : 6.6.2
Release : 3.fc35
URL :
https://www.varnish-cache.org/
Summary : High-performance HTTP accelerator
Description :
This is Varnish Cache, a high-performance HTTP accelerator.
Varnish Cache stores web pages in memory so web servers don���t have to
create the same web page over and over again. Varnish Cache serves
pages much faster than any application server; giving the website a
significant speed up.
Documentation wiki and additional information about Varnish Cache is
available on:
https://www.varnish-cache.org/
--------------------------------------------------------------------------------
Update Information:
This is a security update adding fixes for the following issues * VSV00009 aka
CVE-2022-38150: Denial of service * VSV00010 aka CVE-2022-45059: Request
smuggling * VSV00011 aka CVE-2022-45060: Request forgery For details, see
https://varnish-cache.org/security
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 14 2022 Ingvar Hagelund <ingvar(a)redpill-linpro.com> - 6.6.2-3
- Added patches for VSV00009 aka CVE-2022-38150, bz#2118570
- Added patches for VSV00010 aka CVE-2022-45059, bz#2141842
- Added patches for VSV00011 aka CVE-2022-45060, bz#2141847
- Added a bcond system_allocator, bz#1917697
- Removed comments referencing patches no longer in use
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2118570 - CVE-2022-38150 varnish: denial of service via colon-starting reason
phrase [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2118570
[ 2 ] Bug #2141842 - CVE-2022-45059 varnish: Request Smuggling Vulnerability
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2141842
[ 3 ] Bug #2141847 - CVE-2022-45060 varnish: Request Forgery Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2141847
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-99c5ddb2ae' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------