varnish

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description High-performance HTTP accelerator
Version 5.2.1-3 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-502 5.1.3-1 5.2.1-1 Medium Fixed FS#56376
AVG-374 5.1.2-1 5.1.3-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2017-8807 AVG-502 Medium Yes Information disclosure
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive...
CVE-2017-12425 AVG-374 High Yes Denial of service
A remote, non-authenticated denial of service has been found in varnish < 5.1.3. A wrong if statement in the varnishd source code can trigger an assert when...

Advisories

Date Advisory Group Severity Description
26 Nov 2017 ASA-201711-29 AVG-502 Medium information disclosure
10 Aug 2017 ASA-201708-4 AVG-374 High denial of service