A base64 decoding vulnerability has been discovered in vmod-digest.
Vmod-digest is a 3rd party VMOD, maintained and distributed
by Varnish Software, but since it was one of the first VMODs
and has seen very wide deployment, we consider this vulnerability
important enough to issue a VSV, even though no code maintained
by the Varnish Cache Project is involved.
More info at:
https://varnish-cache.org/security/VSV00012.html
and:
https://docs.varnish-software.com/security/VSV00012/
Poul-Henning
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
_______________________________________________
varnish-announce mailing list
varnish-announce@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-announce
Vmod-digest is a 3rd party VMOD, maintained and distributed
by Varnish Software, but since it was one of the first VMODs
and has seen very wide deployment, we consider this vulnerability
important enough to issue a VSV, even though no code maintained
by the Varnish Cache Project is involved.
More info at:
https://varnish-cache.org/security/VSV00012.html
and:
https://docs.varnish-software.com/security/VSV00012/
Poul-Henning
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
_______________________________________________
varnish-announce mailing list
varnish-announce@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-announce