This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This varnish update to version 3.0.7 fixes the following issues :
Security issues fixed :
- CVE-2015-8852: Vulnerable to HTTP Smuggling issues:
Double Content Length and bad EOL. (boo#976097)
Bugs fixed :
- Stop recognizing a single CR (\r) as a HTTP line
- Improved error detection on master-child process
communication, leading to faster recovery (child
restart) if communication loses sync.
- Fix a corner-case where Content-Length was wrong for
HTTP 1.0 clients, when using gzip and streaming.
- More robust handling of hop-by-hop headers.
- Avoid memory leak when adding bans.
See also :
Update the affected varnish packages.
Risk factor :
Medium / CVSS Base Score : 5.0