A Varnish security update for Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1480-1 varnish security update
ELA-1480-1 varnish security update
ELA-1480-1 varnish security update
Package : varnish
Version : 5.0.0-7+deb9u4 (stretch)
Related CVEs :
CVE-2025-47905
A client-side desync vulnerability can be triggered in Varnish Cache, a state
of the art, high-performance web accelerator. An attacker can abuse a flaw in
Varnish’s handling of chunked transfer encoding which allows certain malformed
HTTP/1 requests to exploit improper framing of the message body to smuggle
additional requests. Specifically, Varnish incorrectly permits CRLF to be
skipped to delimit chunk boundaries.ELA-1480-1 varnish security update
