{"id":"MGASA-2025-0239","summary":"Updated varnish & lighttpd packages fix security vulnerability","details":"It was discovered that a denial of service attack can be performed on\ncache servers that have the HTTP/2 protocol turned on. An attacker can\ncreate a large number of streams and immediately reset them without ever\nreaching the maximum number of concurrent streams allowed for the\nsession, causing the server to consume unnecessary resources processing\nrequests for which the response will not be delivered (CVE-2025-8671).\n","modified":"2026-02-04T03:07:19.842287Z","published":"2025-10-17T01:40:56Z","related":["CVE-2025-8671"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0239.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34587"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/08/13/6"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/08/16/1"}],"affected":[{"package":{"name":"varnish","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/varnish?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.7.3-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0239.json"}},{"package":{"name":"lighttpd","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/lighttpd?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.80-1.3.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0239.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}