Fedora 22 Security Update: varnish-4.0.3-3.fc22

Resolved Bugs
1200034 – varnish: heap-based buffer overflow in backend server HTTP response parsing
1200035 – varnish: heap-based buffer overflow in backend server HTTP response parsing [fedora-all]<br
Added an update that fixes a bug trigged by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread.
New upstream release. A bugfix release.
Highlights from the changelog:
* 26 reported bugs fixed.
* Replaced objects are now expired immediately, instead of kept around until expiry.
* Memory usage on chunked backend responses is lower
Fore a detailed list of changes, please see the project’s announcement at https://www.varnish-cache.org/content/varnish-cache-403

Leave a Reply