{"id":"MGASA-2021-0387","summary":"Updated varnish packages fix a security vulnerability","details":"Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL\nauthorization bypass via a large Content-Length header for a POST request.\nThis affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x\nand 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8\n(CVE-2021-36740).\n","modified":"2026-02-04T02:37:10.910466Z","published":"2021-07-28T20:00:51Z","related":["CVE-2021-36740"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0387.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29290"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/THV2DQA2GS65HUCKK4KSD2XLN3AAQ2V5/"},{"type":"REPORT","url":"https://varnish-cache.org/security/VSV00007.html"}],"affected":[{"package":{"name":"varnish","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/varnish?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.5.1-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0387.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}