[SECURITY] [DLA 4101-1] varnish security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4101-1] varnish security update
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 31 Mar 2025 23:56:25 +0300
Message-id: <[🔎] Z+sBeRcYAOzqdTCo@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4101-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
March 31, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : varnish
Version        : 6.5.1-1+deb11u4
CVE ID         : CVE-2025-30346

A HTTP/1 client-side desync vulnerability has been fixed in Varnish,
a caching HTTP reverse proxy.

For Debian 11 bullseye, this problem has been fixed in version
6.5.1-1+deb11u4.

We recommend that you upgrade your varnish packages.

For the detailed security status of varnish please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/varnish

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmfrAXkACgkQiNJCh6LY
mLFGng//TjMnBPlxo/6oxEZR5tw50BdnPKuQEJUQ/yVf3bRj7fRrMz2Io8wSrBdm
B6mYATvmbpRxutrk0NKIE9pKL9JhYQeyNLLvjpDU2OblajgLDMSW83CV05Lsdqo6
/oR+PqrWE1sJKHvgAiOCve5aurQdkA5spS8ZoLTXZJgDuVl1o2yfHf4lPcClwvot
wKDLVj8BWISn4+NZ/u8ODAsi4aBD5huSPLpoxGM4/KMqjJrzQTw6JkWibxq0a2b5
l0pqpiHgoOmLB/F2NVpbCK1WmuBOumiSRINI/3H37/APNtG3IG0lMrLQpIkR9XIy
EchSSluTdAjtFOJOzTaFZ7SSmSu3iZ5zqinv+1uCa/UZlpifLYfOIoYV1IbqWpXO
fb7tREZBCLP/kW/3NVpHIcKD/apiIAR1xa6iom9Qk34+hlPFt4i765W3ObiypuHz
olBxHOiQmcJOD5caGLIvlmzO7LbjzWvJoBlqudhVNZ2PQjeMXwAnRy7OGZRek+eU
DJlSPPqMLEES7rCBiOrYf76UWo2fS+lQg7YkRX3Sg4wo+EzjmH0mirBQErbc0gui
CWmFe7+fcNczU45u0mCD2Y2qsUE7n3GFmFHzaWXk7WCR15VijAkCrrJiatjOeQNk
5hzsOK3x+YUqVhuKwOTJr7XJSKncAn38atVLrla9AsKgosVczMQ=
=WSSg
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4100-1] libdata-entropy-perl security update
Next by Date: [SECURITY] [DLA 4102-1] linux-6.1 security update
Previous by thread: [SECURITY] [DLA 4100-1] libdata-entropy-perl security update
Next by thread: [SECURITY] [DLA 4102-1] linux-6.1 security update
Index(es):
- Date
- Thread