Debian has issued an advisory today (April 22): https://www.debian.org/security/2016/dsa-3553 Patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated varnish packages fix security vulnerabilities: Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies (CVE-2015-8852). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8852 https://www.debian.org/security/2016/dsa-3553 ======================== Updated packages in core/updates_testing: ======================== varnish-3.0.3-19.1.mga5 libvarnish1-3.0.3-19.1.mga5 libvarnish-devel-3.0.3-19.1.mga5 from varnish-3.0.3-19.1.mga5.src.rpm
Testing info in bug 11678
Testing complete mga5 64. Using updated procedure. # systemctl start varnish.service # systemctl status -l varnish.service â varnish.service - Varnish a high-perfomance HTTP accelerator Loaded: loaded (/usr/lib/systemd/system/varnish.service; enabled) Active: active (running) since Sat 2016-04-23 13:13:46 BST; 3min 36s ago Process: 31176 ExecStart=/usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish/default.vcl -a ${ADDRESS}:${PORT} -T 127.0.0.1:6082 -t 120 -w 5,1000,120 -S /etc/varnish/secret -s $STORAGE (code=exited, status=0/SUCCESS) Main PID: 31186 (varnishd) CGroup: /system.slice/varnish.service ââ31186 /usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish/default.vcl -a :6081 -T 127.0.0.1:6082 -t 120 -w 5,1000,120 -S /etc/varnish/secret -s file,/var/lib/varnish/varnish_storage.bin,1G ââ31187 /usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish/default.vcl -a :6081 -T 127.0.0.1:6082 -t 120 -w 5,1000,120 -S /etc/varnish/secret -s file,/var/lib/varnish/varnish_storage.bin,1G ...etc # systemctl status -l varnishncsa.service â varnishncsa.service - Varnish NCSA logging Loaded: loaded (/usr/lib/systemd/system/varnishncsa.service; enabled) Active: active (running) since Sat 2016-04-23 13:29:34 BST; 7s ago Main PID: 31424 (varnishncsa) CGroup: /system.slice/varnishncsa.service ââ31424 /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log # varnishadm status Child in state running # varnishadm backend.list Backend name Refs Admin Probe default(127.0.0.1,,80) 1 probe Healthy (no probe) # varnishadm banner ----------------------------- Varnish Cache CLI 1.0 ----------------------------- Linux,4.1.15-desktop-2.mga5,x86_64,-sfile,-smalloc,-hcritbit Type 'help' for command list. Type 'quit' to close CLI session.
Whiteboard: (none) => has_procedure mga5-64-ok
Validating. Advisory uploaded.
Keywords: (none) => validated_updateWhiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-okCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0150.html
Status: NEW => RESOLVEDResolution: (none) => FIXED