ALAS-2022-1632


Amazon Linux 1 Security Advisory: ALAS-2022-1632
Advisory Release Date: 2022-08-15 18:37 Pacific
Advisory Updated Date: 2022-08-22 23:57 Pacific
Severity: Important

Issue Overview:

A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language (VCL) processing since the Varnish server treats it as an additional request. (CVE-2022-23959)


Affected Packages:

varnish


Issue Correction:
Run yum update varnish to update your system.

New Packages:
i686:
    varnish-libs-4.0.5-3.23.amzn1.i686
    varnish-libs-devel-4.0.5-3.23.amzn1.i686
    varnish-docs-4.0.5-3.23.amzn1.i686
    varnish-4.0.5-3.23.amzn1.i686
    varnish-debuginfo-4.0.5-3.23.amzn1.i686

src:
    varnish-4.0.5-3.23.amzn1.src

x86_64:
    varnish-libs-4.0.5-3.23.amzn1.x86_64
    varnish-libs-devel-4.0.5-3.23.amzn1.x86_64
    varnish-4.0.5-3.23.amzn1.x86_64
    varnish-docs-4.0.5-3.23.amzn1.x86_64
    varnish-debuginfo-4.0.5-3.23.amzn1.x86_64