-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-99c5ddb2ae 2022-11-26 00:45:52.624299 --------------------------------------------------------------------------------
Name : varnish Product : Fedora 35 Version : 6.6.2 Release : 3.fc35 URL : https://www.varnish-cache.org/ Summary : High-performance HTTP accelerator Description : This is Varnish Cache, a high-performance HTTP accelerator.
Varnish Cache stores web pages in memory so web servers don���t have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a significant speed up.
Documentation wiki and additional information about Varnish Cache is available on: https://www.varnish-cache.org/
-------------------------------------------------------------------------------- Update Information:
This is a security update adding fixes for the following issues * VSV00009 aka CVE-2022-38150: Denial of service * VSV00010 aka CVE-2022-45059: Request smuggling * VSV00011 aka CVE-2022-45060: Request forgery For details, see https://varnish-cache.org/security -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 14 2022 Ingvar Hagelund ingvar@redpill-linpro.com - 6.6.2-3 - Added patches for VSV00009 aka CVE-2022-38150, bz#2118570 - Added patches for VSV00010 aka CVE-2022-45059, bz#2141842 - Added patches for VSV00011 aka CVE-2022-45060, bz#2141847 - Added a bcond system_allocator, bz#1917697 - Removed comments referencing patches no longer in use -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2118570 - CVE-2022-38150 varnish: denial of service via colon-starting reason phrase [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2118570 [ 2 ] Bug #2141842 - CVE-2022-45059 varnish: Request Smuggling Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2141842 [ 3 ] Bug #2141847 - CVE-2022-45060 varnish: Request Forgery Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2141847 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-99c5ddb2ae' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------