ELSA-2020-4756

ELSA-2020-4756 - varnish:6 security, bug fix, and enhancement update

Type:SECURITY
Severity:MODERATE
Release Date:2020-11-10

Description


varnish
[6.0.6-2]
- new version 6.0.6
- Resolves: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS
- Resolves: #1790907 - CVE-2019-20637 varnish: not clearing pointer between two
client requests leads to information disclosure
- Resolves: #1763958 - CVE-2019-15892 varnish:6/varnish: denial of service
handling certain crafted HTTP/1 requests

varnish-modules
[0.15.0-5]
- Related: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS


Related CVEs


CVE-2019-20637
CVE-2019-15892
CVE-2020-11653

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) varnish-6.0.6-2.module+el8.3.0+7653+45014445.src.rpm5603931e4419926387a50b8a867d1de5-
varnish-modules-0.15.0-5.module+el8.3.0+7653+45014445.src.rpm5c7fbb02ea8cb3d2a47326c5b09c0e73-
varnish-6.0.6-2.module+el8.3.0+7653+45014445.aarch64.rpm40e60d9614b1b646bceac76496decaac-
varnish-devel-6.0.6-2.module+el8.3.0+7653+45014445.aarch64.rpmd8766e30b12a7ca910fa7fade5c5ae02-
varnish-docs-6.0.6-2.module+el8.3.0+7653+45014445.aarch64.rpmb0a624d3900126fec6a38da34f3c15ea-
varnish-modules-0.15.0-5.module+el8.3.0+7653+45014445.aarch64.rpmb7b53693ecc82cffad08ca0ffbec8887-
Oracle Linux 8 (x86_64) varnish-6.0.6-2.module+el8.3.0+7653+45014445.src.rpm5603931e4419926387a50b8a867d1de5-
varnish-modules-0.15.0-5.module+el8.3.0+7653+45014445.src.rpm5c7fbb02ea8cb3d2a47326c5b09c0e73-
varnish-6.0.6-2.module+el8.3.0+7653+45014445.x86_64.rpm875ae3ffe6ba2a7c7e61f0df4b7e9e17-
varnish-devel-6.0.6-2.module+el8.3.0+7653+45014445.x86_64.rpma21e77c23b9cff924b765c9b02d89ac8-
varnish-docs-6.0.6-2.module+el8.3.0+7653+45014445.x86_64.rpm87087eddfdb07b09f7c26e218d61b05f-
varnish-modules-0.15.0-5.module+el8.3.0+7653+45014445.x86_64.rpm59a20daa7504fecd5c7a96ba581ba2eb-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete