Gentoo Linux Security Advisory 201412-30 - Multiple vulnerabilities have been found in Varnish, the worst of which could allow a remote attacker to create a Denial of Service condition. Versions less than 3.0.5 are affected.
3cc565ec381a268c4b834de945bc73e3d1b2fdcb65dc933c43c6010c2389a845
Mandriva Linux Security Advisory 2014-036 - Varnish before 3.0.5 allows remote attackers to cause a denial of service via a GET request with trailing whitespace characters and no URI. Also, the services have been converted from SysV init scripts to systemd-native services, which should allow for more consistent behavior.
fc02cb3564571294ca8fbe0363d8e7dd5c8f5669e65f5fa32a4f6ddb9224686e
Debian Linux Security Advisory 2814-1 - A denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator. With some configurations of varnish a remote attacker could mount a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.
6d9b196bb178599d75a77ee1dee4a7a1609b587bc3f0fb2f12f26dd4e6929a51
If Varnish receives a certain illegal request, and the subroutine 'vcl_error{}' restarts the request, the varnishd worker process will crash with an assert. The varnishd management process will restart the worker process, but there will be a brief interruption of service and the cache will be emptied, causing more traffic to go to the backend. Versions 2.0.x, 2.1.x, and 3.0.x are affected.
4dd3ca412788a9fb651556055e5db955a3a0bfa4211fe82cd6b19131b95892b1