{"id":"MGASA-2022-0079","summary":"Updated varnish packages fix security vulnerability","details":"In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS\nbefore 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before\n4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1\nconnections. (CVE-2022-23959)\n","modified":"2026-03-25T17:45:17.955873Z","published":"2022-02-22T20:15:16Z","related":["CVE-2022-23959"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0079.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30048"},{"type":"REPORT","url":"https://www.debian.org/lts/security/2022/dla-2920"},{"type":"REPORT","url":"https://docs.varnish-software.com/security/VSV00008/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/"}],"affected":[{"package":{"name":"varnish","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/varnish?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.5.1-1.2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0079.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}