=== ChanServ changed the topic of #ubuntu-security to: Twitter: @ubuntu_sec || https://usn.ubuntu.com || https://wiki.ubuntu.com/SecurityTeam || https://wiki.ubuntu.com/Security/Features || Community: amurray | ||
ingvar | Hello. A local team discovered a few days ago that CVE-2020-11653 is probably _not_ fixed in Ubuntu focal. I have added our findings to https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504 | 12:52 |
ubottu | Launchpad bug 1971504 in varnish (Ubuntu) "Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic" [Medium, Fix Committed] | 12:52 |
ubottu | An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11653> | 12:52 |
ingvar | In short: The patch set added to fix that CVE for varnish-6.2.1 is not complete, and the version of varnish installed with the latest focal updates is still potentially vulnerable to DoS attacks. | 12:53 |
mdeslaur | pfsmorigo: ^ | 13:12 |
=== ephemer0l is now known as GeneralDiscourse |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!