{"id":"MGASA-2017-0435","summary":"Updated varnish packages fix security vulnerability","details":"vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache\n4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to\nobtain sensitive information from process memory because a\nVFP_GetStorage buffer is larger than intended in certain circumstances\ninvolving -sfile Stevedore transient objects. (CVE-2017-8807)\n","modified":"2026-04-16T06:23:05.186674952Z","published":"2017-12-01T23:13:21Z","upstream":["CVE-2017-8807"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0435.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22035"},{"type":"WEB","url":"https://varnish-cache.org/security/VSV00002.html"},{"type":"WEB","url":"https://www.debian.org/security/2017/dsa-4034"}],"affected":[{"package":{"name":"varnish","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/varnish?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0.0-3.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0435.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}