opensuse-su-2022:0148-1
Vulnerability from csaf_opensuse
Published
2022-05-27 04:23
Modified
2022-05-27 04:23
Summary
Security update for varnish
Notes
Title of the patch
Security update for varnish
Description of the patch
This update for varnish fixes the following issues:
varnish was updated to release 7.1.0 [boo#1195188] [CVE-2022-23959]
* VCL: It is now possible to assign a BLOB value to a BODY
variable, in addition to STRING as before.
* VMOD: New STRING strftime(TIME time, STRING format) function
for UTC formatting.
Update to release 6.6.1
* CVE-2021-36740: Fix an HTTP/2.0 request smuggling vulnerability. [boo#1188470]
Update to release 6.6.0:
* The ban_cutoff parameter now refers to the overall length of
the ban list, including completed bans, where before only
non-completed (“active”) bans were counted towards ban_cutoff.
* Body bytes accounting has been fixed to always represent the
number of body bytes moved on the wire, exclusive of
protocol-specific overhead like HTTP/1 chunked encoding or
HTTP/2 framing.
* The connection close reason has been fixed to properly report
SC_RESP_CLOSE where previously only SC_REQ_CLOSE was reported.
* Unless the new validate_headers feature is disabled, all newly
set headers are now validated to contain only characters
allowed by RFC7230.
* The filter_re, keep_re and get_re functions from the bundled
cookie vmod have been changed to take the VCL_REGEX type. This
implies that their regular expression arguments now need to be
literal, not e.g. string.
* The interface for private pointers in VMODs has been changed,
the VRT backend interface has been changed, many filter
(VDP/VFP) related signatures have been changed, and the
stevedore API has been changed. (Details thereto, see online
changelog.)
Update to release 6.5.1
* Bump the VRT_MAJOR_VERSION number defined in the vrt.h
Update to release 6.5.0
* `PRIV_TOP` is now thread-safe to support parallel ESI
implementations.
* varnishstat's JSON output format (-j option) has been changed.
* Behavior for 304-type responses was changed not to update the
Content-Encoding response header of the stored object.
- Update Git-Web repository link
Update to release 6.4.0
* The MAIN.sess_drop counter is gone.
* backend 'none' was added for 'no backend'.
* The hash algorithm of the hash director was changed, so
backend selection will change once only when upgrading.
* It is now possible for VMOD authors to customize the
connection pooling of a dynamic backend.
* For more, see changes.rst.
Update to release 6.3.2
* Fix a denial of service vulnerability when using the proxy
protocol version 2.
Update to release 6.3.0
* The Host: header is folded to lower-case in the builtin_vcl.
* Improved performance of shared memory statistics counters.
* Synthetic objects created from vcl_backend_error {} now
replace existing stale objects as ordinary backend fetches
would (for details see changes.rst)
Patchnames
openSUSE-2022-148
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for varnish",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for varnish fixes the following issues:\n\nvarnish was updated to release 7.1.0 [boo#1195188] [CVE-2022-23959]\n\n* VCL: It is now possible to assign a BLOB value to a BODY\n variable, in addition to STRING as before.\n* VMOD: New STRING strftime(TIME time, STRING format) function\n for UTC formatting.\n\nUpdate to release 6.6.1\n\n* CVE-2021-36740: Fix an HTTP/2.0 request smuggling vulnerability. [boo#1188470]\n\nUpdate to release 6.6.0:\n\n* The ban_cutoff parameter now refers to the overall length of\n the ban list, including completed bans, where before only\n non-completed (\u201cactive\u201d) bans were counted towards ban_cutoff.\n* Body bytes accounting has been fixed to always represent the\n number of body bytes moved on the wire, exclusive of\n protocol-specific overhead like HTTP/1 chunked encoding or\n HTTP/2 framing.\n* The connection close reason has been fixed to properly report\n SC_RESP_CLOSE where previously only SC_REQ_CLOSE was reported.\n* Unless the new validate_headers feature is disabled, all newly\n set headers are now validated to contain only characters\n allowed by RFC7230.\n* The filter_re, keep_re and get_re functions from the bundled\n cookie vmod have been changed to take the VCL_REGEX type. This\n implies that their regular expression arguments now need to be\n literal, not e.g. string.\n* The interface for private pointers in VMODs has been changed,\n the VRT backend interface has been changed, many filter\n (VDP/VFP) related signatures have been changed, and the\n stevedore API has been changed. (Details thereto, see online\n changelog.)\n\nUpdate to release 6.5.1\n\n* Bump the VRT_MAJOR_VERSION number defined in the vrt.h\n\nUpdate to release 6.5.0\n\n* `PRIV_TOP` is now thread-safe to support parallel ESI\n implementations.\n* varnishstat\u0027s JSON output format (-j option) has been changed.\n* Behavior for 304-type responses was changed not to update the\n Content-Encoding response header of the stored object.\n\n- Update Git-Web repository link\n\nUpdate to release 6.4.0\n\n* The MAIN.sess_drop counter is gone.\n* backend \u0027none\u0027 was added for \u0027no backend\u0027.\n* The hash algorithm of the hash director was changed, so\n backend selection will change once only when upgrading.\n* It is now possible for VMOD authors to customize the\n connection pooling of a dynamic backend.\n* For more, see changes.rst.\n\nUpdate to release 6.3.2\n\n* Fix a denial of service vulnerability when using the proxy\n protocol version 2.\n\nUpdate to release 6.3.0\n\n* The Host: header is folded to lower-case in the builtin_vcl.\n* Improved performance of shared memory statistics counters.\n* Synthetic objects created from vcl_backend_error {} now\n replace existing stale objects as ordinary backend fetches\n would (for details see changes.rst)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-148",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0148-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0148-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KTY3FIXDKQEQLMHOF4U46AQ47W524UIM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0148-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KTY3FIXDKQEQLMHOF4U46AQ47W524UIM/"
},
{
"category": "self",
"summary": "SUSE Bug 1181400",
"url": "https://bugzilla.suse.com/1181400"
},
{
"category": "self",
"summary": "SUSE Bug 1188470",
"url": "https://bugzilla.suse.com/1188470"
},
{
"category": "self",
"summary": "SUSE Bug 1195188",
"url": "https://bugzilla.suse.com/1195188"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36740 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23959 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23959/"
}
],
"title": "Security update for varnish",
"tracking": {
"current_release_date": "2022-05-27T04:23:45Z",
"generator": {
"date": "2022-05-27T04:23:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0148-1",
"initial_release_date": "2022-05-27T04:23:45Z",
"revision_history": [
{
"date": "2022-05-27T04:23:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"product": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"product_id": "libvarnishapi3-7.1.0-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "varnish-7.1.0-bp153.2.3.1.aarch64",
"product": {
"name": "varnish-7.1.0-bp153.2.3.1.aarch64",
"product_id": "varnish-7.1.0-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"product": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"product_id": "varnish-devel-7.1.0-bp153.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"product": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"product_id": "libvarnishapi3-7.1.0-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "varnish-7.1.0-bp153.2.3.1.i586",
"product": {
"name": "varnish-7.1.0-bp153.2.3.1.i586",
"product_id": "varnish-7.1.0-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "varnish-devel-7.1.0-bp153.2.3.1.i586",
"product": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.i586",
"product_id": "varnish-devel-7.1.0-bp153.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"product": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"product_id": "libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "varnish-7.1.0-bp153.2.3.1.ppc64le",
"product": {
"name": "varnish-7.1.0-bp153.2.3.1.ppc64le",
"product_id": "varnish-7.1.0-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"product": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"product_id": "varnish-devel-7.1.0-bp153.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"product": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"product_id": "libvarnishapi3-7.1.0-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "varnish-7.1.0-bp153.2.3.1.s390x",
"product": {
"name": "varnish-7.1.0-bp153.2.3.1.s390x",
"product_id": "varnish-7.1.0-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "varnish-devel-7.1.0-bp153.2.3.1.s390x",
"product": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.s390x",
"product_id": "varnish-devel-7.1.0-bp153.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"product": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"product_id": "libvarnishapi3-7.1.0-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "varnish-7.1.0-bp153.2.3.1.x86_64",
"product": {
"name": "varnish-7.1.0-bp153.2.3.1.x86_64",
"product_id": "varnish-7.1.0-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "varnish-devel-7.1.0-bp153.2.3.1.x86_64",
"product": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.x86_64",
"product_id": "varnish-devel-7.1.0-bp153.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64"
},
"product_reference": "libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.i586"
},
"product_reference": "libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le"
},
"product_reference": "libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x"
},
"product_reference": "libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64"
},
"product_reference": "libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-7.1.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.aarch64"
},
"product_reference": "varnish-7.1.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-7.1.0-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.i586"
},
"product_reference": "varnish-7.1.0-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-7.1.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.ppc64le"
},
"product_reference": "varnish-7.1.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-7.1.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.s390x"
},
"product_reference": "varnish-7.1.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-7.1.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.x86_64"
},
"product_reference": "varnish-7.1.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.aarch64"
},
"product_reference": "varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.i586"
},
"product_reference": "varnish-devel-7.1.0-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le"
},
"product_reference": "varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.s390x"
},
"product_reference": "varnish-devel-7.1.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.x86_64"
},
"product_reference": "varnish-devel-7.1.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64"
},
"product_reference": "libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.i586"
},
"product_reference": "libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le"
},
"product_reference": "libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x"
},
"product_reference": "libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvarnishapi3-7.1.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64"
},
"product_reference": "libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-7.1.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.aarch64"
},
"product_reference": "varnish-7.1.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-7.1.0-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.i586"
},
"product_reference": "varnish-7.1.0-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-7.1.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.ppc64le"
},
"product_reference": "varnish-7.1.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-7.1.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.s390x"
},
"product_reference": "varnish-7.1.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-7.1.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.x86_64"
},
"product_reference": "varnish-7.1.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.aarch64"
},
"product_reference": "varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.i586"
},
"product_reference": "varnish-devel-7.1.0-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le"
},
"product_reference": "varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.s390x"
},
"product_reference": "varnish-devel-7.1.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "varnish-devel-7.1.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.x86_64"
},
"product_reference": "varnish-devel-7.1.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36740"
}
],
"notes": [
{
"category": "general",
"text": "Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36740",
"url": "https://www.suse.com/security/cve/CVE-2021-36740"
},
{
"category": "external",
"summary": "SUSE Bug 1188470 for CVE-2021-36740",
"url": "https://bugzilla.suse.com/1188470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-27T04:23:45Z",
"details": "important"
}
],
"title": "CVE-2021-36740"
},
{
"cve": "CVE-2022-23959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23959"
}
],
"notes": [
{
"category": "general",
"text": "In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23959",
"url": "https://www.suse.com/security/cve/CVE-2022-23959"
},
{
"category": "external",
"summary": "SUSE Bug 1195188 for CVE-2022-23959",
"url": "https://bugzilla.suse.com/1195188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:varnish-7.1.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:varnish-devel-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libvarnishapi3-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:varnish-7.1.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:varnish-devel-7.1.0-bp153.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-27T04:23:45Z",
"details": "important"
}
],
"title": "CVE-2022-23959"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…