[SECURITY] Fedora 22 Update: varnish-4.0.3-3.fc22

updates at fedoraproject.org updates at fedoraproject.org
Mon Mar 23 07:09:09 UTC 2015 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-4063
2015-03-18 05:57:08
--------------------------------------------------------------------------------

Name        : varnish
Product     : Fedora 22
Version     : 4.0.3
Release     : 3.fc22
URL         : http://www.varnish-cache.org/
Summary     : High-performance HTTP accelerator
Description :
This is Varnish Cache, a high-performance HTTP accelerator.
Documentation wiki and additional information about Varnish is
available on the following web site: http://www.varnish-cache.org/

--------------------------------------------------------------------------------
Update Information:

Added an update that fixes a bug trigged by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread.




New upstream release. A bugfix release.

Highlights from the changelog: 
* 26 reported bugs fixed.
* Replaced objects are now expired immediately, instead of kept around until expiry.
* Memory usage on chunked backend responses is lower

Fore a detailed list of changes, please see the project's announcement at https://www.varnish-cache.org/content/varnish-cache-403
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1200034 - varnish: heap-based buffer overflow in backend server HTTP response parsing
        https://bugzilla.redhat.com/show_bug.cgi?id=1200034
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update varnish' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list