Univention Bugzilla – Full Text Bug Listing |
Summary: | varnish: Denial of Service (4.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P4 | Flags: | requate:
Patch_Available+
|
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) |
Description
Arvid Requate
2017-08-07 17:33:30 CEST
More detail: * An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases. (CVE-2017-12425) Mass-import from Debian-Security: python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553 YAML: git:bd6159834a..449aa5a7cf --- mirror/ftp/4.2/unmaintained/4.2-0/source/varnish_4.0.2-1.dsc +++ apt/ucs_4.2-0-errata4.2-3/source/varnish_4.0.2-1+deb8u1.dsc @@ -1,3 +1,10 @@ +4.0.2-1+deb8u1 [Mon, 31 Jul 2017 20:30:41 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Correctly handle bogusly large chunk sizes. + This fixes a denial of service attack vector where bogusly large chunk + sizes in requests could be used to force restarts of the Varnish server. + 4.0.2-1 [Tue, 14 Oct 2014 22:53:05 +0200] Stig Sandbeck Mathisen <ssm@debian.org>: * use /run instead of /var/run in sysv init scripts (Closes: #708975) * No UCS specific patches * Comparison to previously shipped version ok * Binary package update Ok * Advisory Ok |