This bug was fixed in the package varnish - 5.0.0-7ubuntu0.1

---------------
varnish (5.0.0-7ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: Correctly handle bogusly large chunk sizes (LP: #1708354)
    - 5.0-Correctly-handle-bogusly-large-chunk-sizes.patch
    - CVE-2017-12425

 -- Simon Quigley <[email protected]>  Mon, 07 Aug 2017 12:57:31 -0500

** Changed in: varnish (Ubuntu Zesty)
       Status: Fix Committed => Fix Released

** Changed in: varnish (Ubuntu Xenial)
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1708354

Title:
  [CVE] Correctly handle bogusly large chunk sizes

Status in varnish package in Ubuntu:
  Fix Released
Status in varnish source package in Xenial:
  Fix Released
Status in varnish source package in Zesty:
  Fix Released

Bug description:
  https://varnish-cache.org/security/VSV00001.html

  CVE-2017-12425

  Date: 2017-08-02

  A wrong if statement in the varnishd source code means that particular
  invalid requests from the client can trigger an assert.

  This causes the varnishd worker process to abort and restart, losing
  the cached contents in the process.

  An attacker can therefore crash the varnishd worker process on demand
  and effectively keep it from serving content - a Denial-of-Service
  attack.

  Mitigation is possible from VCL or by updating to a fixed version of
  Varnish Cache.

  Versions affected

      4.0.1 to 4.0.4
      4.1.0 to 4.1.7
      5.0.0
      5.1.0 to 5.1.2

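As an added illustration (not Varnish's code and not the patch referenced above), here is the general defensive pattern for the bug class named in the title: a chunk-size parser that reports a bogusly large or malformed size as an error status instead of reaching an assert. MAX_CHUNK_SIZE, the status names and the function names are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limit for this example: largest chunk we accept (1 GiB). */
#define MAX_CHUNK_SIZE ((uint64_t)1 << 30)

enum chunk_status { CHUNK_OK, CHUNK_BAD_SYNTAX, CHUNK_TOO_LARGE };

static int hex_value(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse the hex size that starts a chunk-size line ("1a2b\r\n" or
 * "1a2b;ext\r\n"). Client input is never asserted on: anything malformed
 * or oversized is returned as a status the caller can answer with a 400. */
enum chunk_status parse_chunk_size(const char *line, size_t len, uint64_t *out)
{
    uint64_t size = 0;
    size_t i = 0;

    for (; i < len; i++) {
        int v = hex_value(line[i]);
        if (v < 0)
            break;
        /* Bound check before the shift, so the value can never wrap. */
        if (size > (MAX_CHUNK_SIZE >> 4))
            return CHUNK_TOO_LARGE;
        size = (size << 4) | (uint64_t)v;
        if (size > MAX_CHUNK_SIZE)
            return CHUNK_TOO_LARGE;
    }
    if (i == 0)
        return CHUNK_BAD_SYNTAX;    /* no hex digits at all */
    /* Only a chunk extension or the CR of the terminator may follow. */
    if (i == len || (line[i] != ';' && line[i] != '\r'))
        return CHUNK_BAD_SYNTAX;
    *out = size;
    return CHUNK_OK;
}

int main(void)
{
    const char line[] = "ffffffffffffffffffff\r\n";  /* constructed input */
    uint64_t n = 0;
    printf("status=%d\n", (int)parse_chunk_size(line, sizeof line - 1, &n));
    return 0;
}
```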