varnish - Arch Linux
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-502 | 5.1.3-1 | 5.2.1-1 | Medium | Fixed | FS#56376 |
| AVG-374 | 5.1.2-1 | 5.1.3-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-12425 | AVG-374 | High | Yes | Denial of service | A remote, non-authenticated denial of service has been found in varnish < 5.1.3. A wrong if statement in the varnishd source code can trigger an assert when... |
| CVE-2017-8807 | AVG-502 | Medium | Yes | Information disclosure | vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 26 Nov 2017 | ASA-201711-29 | AVG-502 | Medium | information disclosure |
| 10 Aug 2017 | ASA-201708-4 | AVG-374 | High | denial of service |