[SECURITY] Fedora 22 Update: varnish-4.0.3-3.fc22
updates at fedoraproject.org
updates at fedoraproject.org
Mon Mar 23 07:09:09 UTC 2015
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-4063
2015-03-18 05:57:08
--------------------------------------------------------------------------------
Name : varnish
Product : Fedora 22
Version : 4.0.3
Release : 3.fc22
URL : http://www.varnish-cache.org/
Summary : High-performance HTTP accelerator
Description :
This is Varnish Cache, a high-performance HTTP accelerator.
Documentation wiki and additional information about Varnish is
available on the following web site: http://www.varnish-cache.org/
--------------------------------------------------------------------------------
Update Information:
Added an update that fixes a bug trigged by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread.
New upstream release. A bugfix release.
Highlights from the changelog:
* 26 reported bugs fixed.
* Replaced objects are now expired immediately, instead of kept around until expiry.
* Memory usage on chunked backend responses is lower
Fore a detailed list of changes, please see the project's announcement at https://www.varnish-cache.org/content/varnish-cache-403
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1200034 - varnish: heap-based buffer overflow in backend server HTTP response parsing
https://bugzilla.redhat.com/show_bug.cgi?id=1200034
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update varnish' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list