libvarnishapi2-6.6.1-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11493 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libvarnishapi2-6.6.1-1.2 on GA media These are all security issues fixed in the libvarnishapi2-6.6.1-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11493 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11493 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2019-15892/ SUSE CVE CVE-2019-15892 page openSUSE Tumbleweed libvarnishapi2-6.6.1-1.2 varnish-6.6.1-1.2 varnish-devel-6.6.1-1.2 libvarnishapi2-6.6.1-1.2 as a component of openSUSE Tumbleweed varnish-6.6.1-1.2 as a component of openSUSE Tumbleweed varnish-devel-6.6.1-1.2 as a component of openSUSE Tumbleweed An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack. CVE-2019-15892 openSUSE Tumbleweed:libvarnishapi2-6.6.1-1.2 openSUSE Tumbleweed:varnish-6.6.1-1.2 openSUSE Tumbleweed:varnish-devel-6.6.1-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-15892.html CVE-2019-15892 https://bugzilla.suse.com/1149382 SUSE Bug 1149382