Arch Linux has received updates that include security patches for Bind and Varnish, which address issues related to denial of service and content spoofing:

[ASA-202505-14] bind: denial of service
[ASA-202505-13] varnish: content spoofing




[ASA-202505-14] bind: denial of service


Arch Linux Security Advisory ASA-202505-14
==========================================

Severity: High
Date    : 2025-05-21
CVE-ID  : CVE-2025-40775
Package : bind
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2881

Summary
=======

The package bind before version 9.20.9-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 9.20.9-1.

# pacman -Syu "bind>=9.20.9-1"

The problem has been fixed upstream in version 9.20.9.

Workaround
==========

None.

Description
===========

When an incoming DNS protocol message includes a Transaction Signature
(TSIG), BIND always checks it. If the TSIG contains an invalid value in
the algorithm field, BIND immediately aborts with an assertion failure.

Impact
======

A remote attacker can send a specially crafted DNS request leading to a
denial of service.

References
==========

https://kb.isc.org/docs/cve-2025-40775
https://downloads.isc.org/isc/bind9/9.20.9/doc/arm/html/notes.html#security-fixes
https://security.archlinux.org/CVE-2025-40775



[ASA-202505-13] varnish: content spoofing


Arch Linux Security Advisory ASA-202505-13
==========================================

Severity: High
Date    : 2025-05-20
CVE-ID  : CVE-2025-47905
Package : varnish
Type    : content spoofing
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2879

Summary
=======

The package varnish before version 7.7.1-1 is vulnerable to content
spoofing.

Resolution
==========

Upgrade to 7.7.1-1.

# pacman -Syu "varnish>=7.7.1-1"

The problem has been fixed upstream in version 7.7.1.

Workaround
==========

None.

Description
===========

A client-side desync vulnerability can be triggered in Varnish Cache.
This vulnerability can be triggered under specific circumstances
involving malformed HTTP/1 chunked requests.

An attacker can abuse a flaw in Varnish’s handling of chunked transfer
encoding which allows certain malformed HTTP/1 requests to exploit
improper framing of the message body to smuggle additional requests.
Specifically, Varnish incorrectly permits CRLF to be skipped to delimit
chunk boundaries.
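
The framing rule at issue, shown as an added example that is not part of the advisory and is not Varnish code: a strict chunked-body decoder that rejects any chunk whose data is not followed by CRLF. The names FramingError and decode_chunked, the 1 MiB body limit and the sample inputs are assumptions made for the illustration.

```python
# Added example (not Varnish code): strict HTTP/1.1 chunked-body framing.
# FramingError and decode_chunked are hypothetical names.
HEX = b"0123456789abcdefABCDEF"

class FramingError(ValueError):
    """The body violates chunked framing; the request must be rejected."""

def _line(buf: bytes, pos: int) -> tuple[bytes, int]:
    """Return one CRLF-terminated line and the offset just past its CRLF."""
    eol = buf.find(b"\r\n", pos)
    if eol < 0:
        raise FramingError("line is not terminated by CRLF")
    line = buf[pos:eol]
    if b"\r" in line or b"\n" in line:
        raise FramingError("bare CR or LF inside a line")
    return line, eol + 2

def decode_chunked(buf: bytes, max_body: int = 1 << 20) -> tuple[bytes, bytes]:
    """Decode a complete chunked body; return (body, bytes after the body)."""
    pos, body = 0, bytearray()
    while True:
        line, pos = _line(buf, pos)
        size_field = line.split(b";", 1)[0]  # ignore chunk extensions
        # int(x, 16) alone accepts "+4", "0x4", " 4": demand bare hex (strict).
        if not 0 < len(size_field) <= 8 or any(c not in HEX for c in size_field):
            raise FramingError(f"invalid chunk size {size_field!r}")
        size = int(size_field, 16)
        if size == 0:
            break
        end = pos + size
        if len(body) + size > max_body or end + 2 > len(buf):
            raise FramingError("chunk exceeds limit or buffer")
        # The chunk data must be followed by exactly CRLF, never skipped.
        if buf[end:end + 2] != b"\r\n":
            raise FramingError("chunk data is not followed by CRLF")
        body += buf[pos:end]
        pos = end + 2
    while True:  # trailer section: field lines, then one empty line
        line, pos = _line(buf, pos)
        if not line:
            return bytes(body), buf[pos:]
        if b":" not in line:
            raise FramingError("malformed trailer field")

# Constructed sample inputs.
GOOD = b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"
NO_CRLF = b"4\r\nWiki5\r\npedia\r\n0\r\n\r\n"  # CRLF after "Wiki" is missing
```

A front end and a back end that both enforce this framing agree on where each request body ends, which is the property a desync depends on breaking.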

Impact
======

A remote attacker able to send specially crafted HTTP/1 chunked
requests can exploit Varnish to smuggle additional requests,
potentially leading to information disclosure and allowing incorrect or
malicious content to be cached and served to other users.

References
==========

https://varnish-cache.org/releases/rel7.7.1.html
https://varnish-cache.org/security/VSV00016.html
https://varnish-cache.org/lists/pipermail/varnish-announce/2025-May/000767.html
https://security.archlinux.org/CVE-2025-47905