Incomplete fix for CVE-2020-11653
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
varnish-cache | Unknown | Unknown | | |
varnish (Ubuntu) | Fix Released | Undecided | Paulo Flabiano Smorigo | |
Bug Description
There is an assertion failure in Varnish due to an incomplete fix for CVE-2020-11653 that I provided in bug #1971504.
From the linked GitHub issue (edited):
The Varnish child process dies every few hours, causing Varnish to seemingly dump its cache and start over.
I've been banging my head against this one for a while now. Did a complete reinstall of Varnish from the Focal repo and the issue still persists. This was done based on these previous tickets in the belief that some old stuff was still hanging around after an old upgrade. I see this bug as fixed in the 5.1.0 changelog from 2017, which is why I'm a little perplexed about it appearing in 6.2.1-2ubuntu0.1, which I am running.
I have tried commenting out a bunch of rules in defaults.vcl to no avail.
We are running HTTP/2, which these other tickets also reference. Enabled via the varnish unit file (/etc/systemd/
Previous tickets mentioned:
https:/
https:/
https:/
Output from varnishadm panic.show:
Panic at: Tue, 05 Jul 2022 09:41:29 GMT
Assert error in WS_Assert(), cache/cache_ws.c line 59:
Condition(*ws->e == 0x15) not true.
version = varnish-6.2.1 revision 9f8588e4ab78524
ident = Linux,5.
now = 42737.028027 (mono), 1657014088.897058 (real)
Backtrace:
0x56462f3adbcf: /usr/sbin/
0x56462f419cc8: /usr/sbin/
0x56462f3d1f88: /usr/sbin/
0x56462f3d2a64: /usr/sbin/
0x56462f3b7fa0: /usr/sbin/
0x56462f40093d: /usr/sbin/
0x7f5559912609: /lib/x86_
0x7f5559837133: /lib/x86_
thread = (cache-epoll)
pthread.attr = {
guard = 4096,
stack_bottom = 0x7f554a5fe000,
stack_top = 0x7f554adfe000,
stack_size = 8388608,
}
thr.req = (nil) {
},
thr.busyobj = (nil) {
},
vmods = {
std = {Varnish 6.2.1 9f8588e4ab78524
directors = {Varnish 6.2.1 9f8588e4ab78524
},
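An added example, not part of the original report and not Varnish project code: a small parser that pulls the triage fields out of varnishadm panic.show text and flags the WS_Assert() failure on *ws->e quoted above, so recurring child panics can be grouped by assertion and package version. The sample text is constructed from the header lines of the panic in this report, and the function names parse_panic and is_ws_end_marker_failure are hypothetical.

```python
import re
from email.utils import parsedate_to_datetime

# Constructed sample: header lines copied from the panic quoted in this report.
SAMPLE = """\
Panic at: Tue, 05 Jul 2022 09:41:29 GMT
Assert error in WS_Assert(), cache/cache_ws.c line 59:
Condition(*ws->e == 0x15) not true.
version = varnish-6.2.1 revision 9f8588e4ab78524
thread = (cache-epoll)
"""

FIELDS = {
    "time": re.compile(r"^Panic at: (.+)$", re.M),
    "version": re.compile(r"^version = varnish-(\S+)", re.M),
    "thread": re.compile(r"^thread = \(([^)]*)\)", re.M),
}
# The assertion spans two lines: location first, then the failed condition.
ASSERT_RE = re.compile(
    r"^Assert error in (\w+)\(\), (\S+) line (\d+):\s*\n\s*Condition\((.*)\) not true\.",
    re.M,
)

def parse_panic(text):
    """Extract triage fields from panic.show text; None if no panic header."""
    if not FIELDS["time"].search(text):
        return None
    rec = {}
    for name, rx in FIELDS.items():
        m = rx.search(text)
        rec[name] = m.group(1).strip() if m else None
    rec["time"] = parsedate_to_datetime(rec["time"])  # timezone-aware (GMT)
    m = ASSERT_RE.search(text)
    if m:
        rec.update(func=m.group(1), file=m.group(2), line=int(m.group(3)), cond=m.group(4))
    return rec

def is_ws_end_marker_failure(rec):
    """True when the panic is the WS_Assert() check on *ws->e seen in this report."""
    return bool(rec) and rec.get("func") == "WS_Assert" and "*ws->e" in rec.get("cond", "")

if __name__ == "__main__":
    rec = parse_panic(SAMPLE)
    print(rec["time"].isoformat(), rec["version"], rec["func"], rec["file"], rec["line"])
    print("workspace end-marker assertion:", is_ws_end_marker_failure(rec))
```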
CVE References
information type: | Private Security → Public Security |
description: | updated |
Changed in varnish (Ubuntu): | |
status: | New → Confirmed |
status: | Confirmed → New |
status: | New → Confirmed |
Changed in varnish (Ubuntu): | |
assignee: | nobody → Paulo Flabiano Smorigo (pfsmorigo) |
Lintian does not produce errors or warnings when run on the patched source package.