Debian has issued an advisory on August 2: https://www.debian.org/security/2017/dsa-3924 Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Patched packages uploaded for Mageia 6 and cauldron. Testing information in https://bugs.mageia.org/show_bug.cgi?id=11678 and https://bugs.mageia.org/show_bug.cgi?id=18244#c2. Advisory: ======================== Patched varnish package fixes security vulnerability: A denial of service vulnerability was discovered in Varnish, a state of the art, high-performance web accelerator. Specially crafted HTTP requests can cause the Varnish daemon to assert and restart, clearing the cache in the process (CVE-2017-12425). References: https://security-tracker.debian.org/tracker/CVE-2017-12425 https://www.debian.org/security/2017/dsa-3924 ======================== Updated packages in core/updates_testing: ======================== lib64varnish1-5.0.0-3.1.mga6.x86_64.rpm lib64varnish-devel-5.0.0-3.1.mga6.x86_64.rpm varnish-5.0.0-3.1.mga6.x86_64.rpm varnish-debuginfo-5.0.0-3.1.mga6.x86_64.rpm from varnish-5.0.0-3.1.mga6.src.rpm
Assignee: pkg-bugs => qa-bugsVersion: Cauldron => 6Whiteboard: MGA6TOO => has_procedureCC: (none) => mrambo
MGA6-32 on Asus A6000VM MATE No installation issues. Following procedure in https://bugs.mageia.org/show_bug.cgi?id=18244#c2 at CLI: # systemctl start varnish.service # systemctl status -l varnish.service ● varnish.service - Varnish a high-perfomance HTTP accelerator Loaded: loaded (/usr/lib/systemd/system/varnish.service; enabled; vendor preset: enabled) Active: active (running) since wo 2017-08-09 11:35:59 CEST; 28s ago Process: 24070 ExecStart=/usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish/default.vcl -a Main PID: 24081 (varnishd) CGroup: /system.slice/varnish.service ├─24081 /usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish/default.vcl -a :6081 -T └─24083 /usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish/default.vcl -a :6081 -T aug 09 11:35:56 mach6.hviaene.thuis systemd[1]: Starting Varnish a high-perfomance HTTP accelerator... aug 09 11:35:59 mach6.hviaene.thuis systemd[1]: varnish.service: Failed to read PID from file /run/varnis aug 09 11:35:59 mach6.hviaene.thuis systemd[1]: Started Varnish a high-perfomance HTTP accelerator. aug 09 11:35:59 mach6.hviaene.thuis varnishd[24081]: Platform: Linux,4.9.40-desktop-1.mga6,i686,-jnone,-s aug 09 11:35:59 mach6.hviaene.thuis varnishd[24081]: Child (24083) Started aug 09 11:36:00 mach6.hviaene.thuis varnishd[24081]: Child (24083) said Child starts aug 09 11:36:00 mach6.hviaene.thuis varnishd[24081]: Child (24083) said SMF.s0 mmap'ed 1073741824 bytes o # systemctl status -l varnishncsa.service ● varnishncsa.service - Varnish NCSA logging Loaded: loaded (/usr/lib/systemd/system/varnishncsa.service; enabled; vendor preset: enabled) Active: inactive (dead) Seems something was forgotten in the procedure: # systemctl start varnishncsa.service # systemctl status -l varnishncsa.service ● varnishncsa.service - Varnish NCSA logging Loaded: loaded (/usr/lib/systemd/system/varnishncsa.service; enabled; vendor preset: enabled) Active: active (running) since wo 2017-08-09 11:39:56 CEST; 4s ago Main PID: 24304 (varnishncsa) CGroup: /system.slice/varnishncsa.service └─24304 /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log aug 09 11:39:56 mach6.hviaene.thuis systemd[1]: Started Varnish NCSA logging. # varnishadm status Child in state running # varnishadm backend.list Backend name Admin Probe Last updated boot.default probe Healthy (no probe) Wed, 09 Aug 2017 09:36:00 GMT # varnishadm banner ----------------------------- Varnish Cache CLI 1.0 ----------------------------- Linux,4.9.40-desktop-1.mga6,i686,-jnone,-sfile,-smalloc,-hcritbit varnish-5.0.0 revision 99d036f Type 'help' for command list. Type 'quit' to close CLI session. As far as I understand this, seems OK
Whiteboard: has_procedure => has_procedure MGA6-32-OKCC: (none) => herman.viaene
Testing M6 x64 BEFORE the update: lib64varnish1-5.0.0-3.mga6 varnish-5.0.0-3.mga6 AFTER the update: lib64varnish1-5.0.0-3.1.mga6 varnish-5.0.0-3.1.mga6 Ran the procedure as corrected by Herman Comment 3 before the update; then # systemctl stop varnish.service # systemctl stop varnishncsa.service then after the update, keeping output from both. [Before is shown below]. 1. # systemctl start varnish.service 2. # systemctl status -l varnish.service ● varnish.service - Varnish a high-perfomance HTTP accelerator Loaded: loaded (/usr/lib/systemd/system/varnish.service; enabled; vendor pres Active: active (running) since Mer 2017-08-09 21:01:47 CEST; 18s ago Process: 9767 ExecStart=/usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc Main PID: 9777 (varnishd) CGroup: /system.slice/varnish.service ├─9777 /usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish └─9778 /usr/sbin/varnishd -P /run/varnish/varnish.pid -f /etc/varnish Aws 09 21:01:46 localhost.localdomain systemd[1]: Starting Varnish a high-perfom Aws 09 21:01:47 localhost.localdomain varnishd[9777]: Platform: Linux,4.9.35-des Aws 09 21:01:47 localhost.localdomain systemd[1]: Started Varnish a high-perfoma Aws 09 21:01:47 localhost.localdomain varnishd[9777]: Child (9778) Started Aws 09 21:01:47 localhost.localdomain varnishd[9777]: Child (9778) said Child st Aws 09 21:01:47 localhost.localdomain varnishd[9777]: Child (9778) said SMF.s0 3. # systemctl start varnishncsa.service 4. # systemctl status -l varnishncsa.service ● varnishncsa.service - Varnish NCSA logging Loaded: loaded (/usr/lib/systemd/system/varnishncsa.service; enabled; vendor Active: active (running) since Mer 2017-08-09 21:03:34 CEST; 18s ago Main PID: 11353 (varnishncsa) CGroup: /system.slice/varnishncsa.service └─11353 /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log Aws 09 21:03:34 localhost.localdomain systemd[1]: Started Varnish NCSA logging. 5. # varnishadm status Child in state running 6. # varnishadm backend.list Backend name Admin Probe Last updated boot.default probe Healthy (no probe) Wed, 09 Aug 2017 19:01:47 GMT 7. # varnishadm banner ----------------------------- Varnish Cache CLI 1.0 ----------------------------- Linux,4.9.35-desktop-1.mga6,x86_64,-jnone,-sfile,-smalloc,-hcritbit varnish-5.0.0 revision 99d036f Type 'help' for command list. Type 'quit' to close CLI session. The output was essentially identical both times, excepting PID and time differences (+ one different log msg order). Deemed OK, validating: advisory to follow.
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA6-32-OK => has_procedure MGA6-32-OK MGA6-64-OKCC: (none) => lewyssmith, sysadmin-bugs
Whiteboard: has_procedure MGA6-32-OK MGA6-64-OK => has_procedure MGA6-32-OK MGA6-64-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0253.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED