← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1708354] Re: VSV00001 DoS vulnerability

 

** Also affects: varnish (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: varnish (Ubuntu Zesty)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1708354

Title:
  [CVE] Correctly handle bogusly large chunk sizes

Status in varnish package in Ubuntu:
  Fix Released
Status in varnish source package in Xenial:
  In Progress
Status in varnish source package in Zesty:
  In Progress

Bug description:
  https://varnish-cache.org/security/VSV00001.html

  CVE-2017-12425

  Date: 2017-08-02

  A wrong if statement in the varnishd source code means that particular
  invalid requests from the client can trigger an assert.

  This causes the varnishd worker process to abort and restart, loosing
  the cached contents in the process.

  An attacker can therefore crash the varnishd worker process on demand
  and effectively keep it from serving content - a Denial-of-Service
  attack.

  Mitigation is possible from VCL or by updating to a fixed version of Varnish Cache.
  Versions affected

      4.0.1 to 4.0.4
      4.1.0 to 4.1.7
      5.0.0
      5.1.0 to 5.1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1708354/+subscriptions