--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2022-18ac3af1c8
2022-03-03 15:23:37.771104
--------------------------------------------------------------------------------
Name : varnish
Product : Fedora EPEL 7
Version : 4.0.5
Release : 3.el7
URL : http://www.varnish-cache.org/
Summary : High-performance HTTP accelerator
Description :
This is Varnish Cache, a high-performance HTTP accelerator.
Documentation wiki and additional information about Varnish is
available on the following web site:
http://www.varnish-cache.org/
--------------------------------------------------------------------------------
Update Information:
This release includes a security update with mitigation instructions for
VSV00008 aka CVE-2022-23959.

PLEASE NOTE: varnish-4.0.5 is marked END OF LIFE from the Varnish Cache
upstream project. Please consider upgrading to varnish-6.0 LTS. See
https://varnish-cache.org/ for updated packages compatible with VCL 4.0 on el7.

Other updates:

- Workaround for systemd race
- Dropped el6 support

----

A security update. Includes mitigation instructions for VSV00008 aka
CVE-2022-23959.

**PLEASE NOTE**: varnish-4.0.5 is marked **END OF LIFE** from the Varnish Cache
upstream project. Please consider upgrading to varnish-6.0 LTS. See
https://varnish-cache.org/ for updated packages compatible with VCL 4.0 on el7.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 22 2022 Ingvar Hagelund <ingvar(a)redpill-linpro.com> 4.0.5-3
- Added a sleep 0.5 to ExecStartPost, working around a race in
systemd, fixing bz#1478278
* Wed Feb 16 2022 Ingvar Hagelund <ingvar(a)redpill-linpro.com> 4.0.5-2
- Added mitigation instructions for VSV00008 aka CVE-2022-23959
SECURITY, PLEASE NOTE: varnish-4.0.5 is marked END OF LIFE from the
Varnish Cache upstream project. Please consider upgrading to varnish-6.0 LTS
See /usr/share/doc/varnish-4.0.5/vsv8_epel7_varnish405.vcl for details.
- Dropped el6 support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1478278 - Error messages about invalid argument during start.
https://bugzilla.redhat.com/show_bug.cgi?id=1478278
[ 2 ] Bug #2045034 - CVE-2022-23959 varnish: HTTP/1 request smuggling vulnerability [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2045034
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update varnish' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------