Bug 21449

Summary: varnish new security issue CVE-2017-12425
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: herman.viaene, lewyssmith, marja11, mhrambo3501, sysadmin-bugs
Version: 6Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: has_procedure MGA6-32-OK MGA6-64-OK advisory
Source RPM: varnish-5.0.0-3.mga6.src.rpm CVE:
Status comment:

Description David Walser 2017-08-04 22:47:31 CEST 
Debian has issued an advisory on August 2:
https://www.debian.org/security/2017/dsa-3924

Mageia 6 is also affected.
David Walser 2017-08-04 22:47:43 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2017-08-04 23:41:56 CEST 
Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 2 Mike Rambo 2017-08-07 15:09:48 CEST 
Patched packages uploaded for Mageia 6 and cauldron.

Testing information in https://bugs.mageia.org/show_bug.cgi?id=11678 and https://bugs.mageia.org/show_bug.cgi?id=18244#c2.

Advisory:
========================

Patched varnish package fixes security vulnerability:

A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process (CVE-2017-12425).

References:
https://security-tracker.debian.org/tracker/CVE-2017-12425
https://www.debian.org/security/2017/dsa-3924
========================

Updated packages in core/updates_testing:
========================
lib64varnish1-5.0.0-3.1.mga6.x86_64.rpm
lib64varnish-devel-5.0.0-3.1.mga6.x86_64.rpm
varnish-5.0.0-3.1.mga6.x86_64.rpm
varnish-debuginfo-5.0.0-3.1.mga6.x86_64.rpm

from varnish-5.0.0-3.1.mga6.src.rpm

Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 6
Whiteboard: MGA6TOO => has_procedure
CC: (none) => mrambo

Comment 3 Herman Viaene 2017-08-09 11:50:58 CEST 
MGA6-32 on Asus A6000VM MATE
No installation issues.
Following procedure in https://bugs.mageia.org/show_bug.cgi?id=18244#c2 at CLI:
# systemctl start varnish.service
# systemctl status -l varnish.service
● varnish.service - Varnish a high-perfomance HTTP accelerator
   Loaded: loaded (/usr/lib/systemd/system/varnish.service; enabled; vendor preset: enabled)
   Active: active (running) since wo 2017-08-09 11:35:59 CEST; 28s ago
  Process: 24070 ExecStart=/usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish/default.vcl -a 
 Main PID: 24081 (varnishd)
   CGroup: /system.slice/varnish.service
           ├─24081 /usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish/default.vcl -a :6081 -T
           └─24083 /usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish/default.vcl -a :6081 -T

aug 09 11:35:56 mach6.hviaene.thuis systemd[1]: Starting Varnish a high-perfomance HTTP accelerator...
aug 09 11:35:59 mach6.hviaene.thuis systemd[1]: varnish.service: Failed to read PID from file /run/varnis
aug 09 11:35:59 mach6.hviaene.thuis systemd[1]: Started Varnish a high-perfomance HTTP accelerator.
aug 09 11:35:59 mach6.hviaene.thuis varnishd[24081]: Platform: Linux,4.9.40-desktop-1.mga6,i686,-jnone,-s
aug 09 11:35:59 mach6.hviaene.thuis varnishd[24081]: Child (24083) Started
aug 09 11:36:00 mach6.hviaene.thuis varnishd[24081]: Child (24083) said Child starts
aug 09 11:36:00 mach6.hviaene.thuis varnishd[24081]: Child (24083) said SMF.s0 mmap'ed 1073741824 bytes o
# systemctl status -l varnishncsa.service 
● varnishncsa.service - Varnish NCSA logging
   Loaded: loaded (/usr/lib/systemd/system/varnishncsa.service; enabled; vendor preset: enabled)
   Active: inactive (dead)

Seems something was forgotten in the procedure:
# systemctl start varnishncsa.service 
# systemctl status -l varnishncsa.service 
● varnishncsa.service - Varnish NCSA logging
   Loaded: loaded (/usr/lib/systemd/system/varnishncsa.service; enabled; vendor preset: enabled)
   Active: active (running) since wo 2017-08-09 11:39:56 CEST; 4s ago
 Main PID: 24304 (varnishncsa)
   CGroup: /system.slice/varnishncsa.service
           └─24304 /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log

aug 09 11:39:56 mach6.hviaene.thuis systemd[1]: Started Varnish NCSA logging.
# varnishadm status
Child in state running
# varnishadm backend.list
Backend name                   Admin      Probe                Last updated
boot.default                   probe      Healthy (no probe)   Wed, 09 Aug 2017 09:36:00 GMT
# varnishadm banner
-----------------------------
Varnish Cache CLI 1.0
-----------------------------
Linux,4.9.40-desktop-1.mga6,i686,-jnone,-sfile,-smalloc,-hcritbit
varnish-5.0.0 revision 99d036f

Type 'help' for command list.
Type 'quit' to close CLI session.

As far as I understand this, seems OK

Whiteboard: has_procedure => has_procedure MGA6-32-OK
CC: (none) => herman.viaene

Comment 4 Lewis Smith 2017-08-09 21:32:32 CEST 
Testing M6 x64

BEFORE the update:
 lib64varnish1-5.0.0-3.mga6
 varnish-5.0.0-3.mga6

AFTER the update:
 lib64varnish1-5.0.0-3.1.mga6
 varnish-5.0.0-3.1.mga6

Ran the procedure as corrected by Herman Comment 3 before the update; then
 # systemctl stop varnish.service
 # systemctl stop varnishncsa.service
then after the update, keeping output from both. [Before is shown below].

1. # systemctl start varnish.service

2. # systemctl status -l varnish.service

● varnish.service - Varnish a high-perfomance HTTP accelerator
   Loaded: loaded (/usr/lib/systemd/system/varnish.service; enabled; vendor pres
   Active: active (running) since Mer 2017-08-09 21:01:47 CEST; 18s ago
  Process: 9767 ExecStart=/usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc
 Main PID: 9777 (varnishd)
   CGroup: /system.slice/varnish.service
           ├─9777 /usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish
           └─9778 /usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish

Aws 09 21:01:46 localhost.localdomain systemd[1]: Starting Varnish a high-perfom
Aws 09 21:01:47 localhost.localdomain varnishd[9777]: Platform: Linux,4.9.35-des
Aws 09 21:01:47 localhost.localdomain systemd[1]: Started Varnish a high-perfoma
Aws 09 21:01:47 localhost.localdomain varnishd[9777]: Child (9778) Started
Aws 09 21:01:47 localhost.localdomain varnishd[9777]: Child (9778) said Child st
Aws 09 21:01:47 localhost.localdomain varnishd[9777]: Child (9778) said SMF.s0 

3. # systemctl start varnishncsa.service

4. # systemctl status -l varnishncsa.service
● varnishncsa.service - Varnish NCSA logging
   Loaded: loaded (/usr/lib/systemd/system/varnishncsa.service; enabled; vendor 
   Active: active (running) since Mer 2017-08-09 21:03:34 CEST; 18s ago
 Main PID: 11353 (varnishncsa)
   CGroup: /system.slice/varnishncsa.service
           └─11353 /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log

Aws 09 21:03:34 localhost.localdomain systemd[1]: Started Varnish NCSA logging.

5. # varnishadm status
Child in state running

6. # varnishadm backend.list
Backend name                   Admin      Probe                Last updated
boot.default                   probe      Healthy (no probe)   Wed, 09 Aug 2017 19:01:47 GMT

7. # varnishadm banner
-----------------------------
Varnish Cache CLI 1.0
-----------------------------
Linux,4.9.35-desktop-1.mga6,x86_64,-jnone,-sfile,-smalloc,-hcritbit
varnish-5.0.0 revision 99d036f

Type 'help' for command list.
Type 'quit' to close CLI session.

The output was essentially identical both times, excepting PID and time differences (+ one different log msg order). Deemed OK, validating: advisory to follow.

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA6-32-OK => has_procedure MGA6-32-OK MGA6-64-OK
CC: (none) => lewyssmith, sysadmin-bugs

Lewis Smith 2017-08-09 21:42:06 CEST

Whiteboard: has_procedure MGA6-32-OK MGA6-64-OK => has_procedure MGA6-32-OK MGA6-64-OK advisory

Comment 5 Mageia Robot 2017-08-09 22:02:09 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0253.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED