group.of.nepali.translators team mailing list archive

[Bug 1708354] Re: VSV00001 DoS vulnerability

 

** Changed in: varnish (Ubuntu)
       Status: In Progress => Fix Released

** Changed in: varnish (Ubuntu Xenial)
       Status: New => In Progress

** Changed in: varnish (Ubuntu Zesty)
       Status: New => In Progress

** Changed in: varnish (Ubuntu Xenial)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: varnish (Ubuntu Zesty)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1708354

Title:
  [CVE] Correctly handle bogusly large chunk sizes

Status in varnish package in Ubuntu:
  Fix Released
Status in varnish source package in Xenial:
  In Progress
Status in varnish source package in Zesty:
  In Progress

Bug description:
  https://varnish-cache.org/security/VSV00001.html

  CVE-2017-12425

  Date: 2017-08-02

  A wrong if statement in the varnishd source code means that particular
  invalid requests from the client can trigger an assert.

  This causes the varnishd worker process to abort and restart, losing
  the cached contents in the process.

  An attacker can therefore crash the varnishd worker process on demand
  and effectively keep it from serving content - a Denial-of-Service
  attack.

  Mitigation is possible from VCL or by updating to a fixed version of Varnish Cache.

  Versions affected:

      4.0.1 to 4.0.4
      4.1.0 to 4.1.7
      5.0.0
      5.1.0 to 5.1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1708354/+subscriptions