Mandriva Linux Security Advisory : varnish (MDVSA-2014:036)
Medium Nessus Plugin ID 72551
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated varnish packages fix security vulnerabilities :
Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI (CVE-2013-4484).
Also, the services have been converted from SysV init scripts to systemd-native services, which should allow for more consistent behavior.
SolutionUpdate the affected lib64varnish-devel, lib64varnish1 and / or varnish packages.