it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5918-1] varnish security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5918-1] varnish security update
Date: Tue, 13 May 2025 18:16:29 +0000
Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/aCOMfU52td8EljNC AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=cptwXpVbv3BBaaKfLRCUiufuDHBThJs0FFrMbzT/RNA=; b=MM pK7y8lnLeboFTHS80m2EZDEnLtBN7mUOqFpIxpq0w1eqtYNiwakAUhf6ar7taR4zZC/EBU5SyqP2q 4Sz3NJ9P5tqM3HtUb7wwGqjsmZpm0cvrJ5Qp3VZfVHJizfJB7m39KlF3CkzVTTKkYT10DXkWlWsFT nDI1mCzZtYePo32kJ+b8kBEMW8c93IePXWXoMSWRq4fJ0ILuhw+h+BlQQ8FTIcIh0s0h5Y3zNFg8p zOfCyQmn28u/PIrV9vJEPYKQQvg0gpTz8vLXjKKm+F0YVuMknKLOEaDk9OXWIT9dQr+eCowEbmo7c v7An9mkYMOaej3gUlkVA4fwjkjh0lcLg==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Tue, 13 May 2025 18:16:55 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <M-g9QuLFVW.A.MKS.Xy4IoB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5918-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 13, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : varnish
CVE ID : not yet available

Ben Kallus discovered that incorrect parsing of chunked transfer
encodings in the Varnish web accelerator may result in HTTP request
smuggling or cache poisoning.

For the stable distribution (bookworm), this problem has been fixed in
version 7.1.1-2+deb12u1.

We recommend that you upgrade your varnish packages.

For the detailed security status of varnish please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/varnish

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmgjjGQACgkQEMKTtsN8
Tjbpjg/+KZfR/cBQXwFN+WQ8qQq/SgGL9NA9XLmz9U8ocvr6/nrJsAszl3iLn0PF
jjRODJu7kzAJjJl2I24bLgdCfevknn5EL+/FEtcL+my4X7SC7tGegrqJ0rnDJorg
JlK/qvcCLf+Lc6T9gZ4wOlsEJVbD+TVFaN4ipsIb7DWjA3SpBWcqtGY9G3dIsxNm
m4pzK2MNEdXSeDzBXSXuyDX/TzFQmgnI6my58eGoDqxc2Zt9WPm18zoKPGS+7C6x
KuERLLM95hyF3XBl2OYgY9D0cIuzwa618qVb+dQ1z5yrL8c7AlxE2FJnHOSfVj7K
YbiwrW6SFyjWdkE+ip/sVmSDH18QWwvGRAnm/FV81Rt1YUUEtZJMkyVwzdNqV6+s
NMtP+RDjdqDzm3xdyqH9YBBbx+2/uF9pwwCznmtNObUCO1Eg1yCJT/55hlanUlXU
pZJ+Jt3yM5sglL9HduiCB2M4+rhe7PX7rsAzePn8w9tY16vvHR+eNa+Vdjb36bdG
S4erBZ+wN+NHNp5jv8ZJsDEB2wVkumKNj3fwfeGy7zcfQysSKskKsEWHW95YEf4l
Yno2+7o7OIBmr1vzm4I6gxZOHrTKA8pryc1Z/6Kl/7jV7rKUJgarXf8cMofmfRMt
4uASZYTt1O/MPLnfr+tRxUMEaWG2ZMzMqpqUI7Yu3/gBoYEcooQ=
=q4Jk
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5918-1] varnish security update, Moritz Muehlenhoff, 13.05.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.