Amazon Linux 1 Security Advisory: ALAS-2022-1632
Advisory Release Date: 2022-08-15 18:37 Pacific
Advisory Updated Date: 2022-08-22 23:57 Pacific
A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language (VCL) processing since the Varnish server treats it as an additional request. (CVE-2022-23959)
Affected Packages:
varnish
Issue Correction:
Run yum update varnish to update your system.
i686:
varnish-libs-4.0.5-3.23.amzn1.i686
varnish-libs-devel-4.0.5-3.23.amzn1.i686
varnish-docs-4.0.5-3.23.amzn1.i686
varnish-4.0.5-3.23.amzn1.i686
varnish-debuginfo-4.0.5-3.23.amzn1.i686
src:
varnish-4.0.5-3.23.amzn1.src
x86_64:
varnish-libs-4.0.5-3.23.amzn1.x86_64
varnish-libs-devel-4.0.5-3.23.amzn1.x86_64
varnish-4.0.5-3.23.amzn1.x86_64
varnish-docs-4.0.5-3.23.amzn1.x86_64
varnish-debuginfo-4.0.5-3.23.amzn1.x86_64