Red Hat Product Errata RHSA-2022:8644 - Security Advisory
Issued:
2022-11-28
Updated:
2022-11-28

RHSA-2022:8644 - Security Advisory

Synopsis

Important: varnish security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

  • varnish: Request Forgery Vulnerability (CVE-2022-45060)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2141844 - CVE-2022-45060 varnish: Request Forgery Vulnerability

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
varnish-6.6.2-2.el9_0.1.src.rpm SHA-256: 26b563b20e0364068f408e2c66c17714453d3c9a6a0478e30234b25b97c18946
x86_64
varnish-6.6.2-2.el9_0.1.i686.rpm SHA-256: 6c62e3e38e45b97ccee34689f0d4d53d83e322dda75d362387878da96d8680b6
varnish-6.6.2-2.el9_0.1.x86_64.rpm SHA-256: f0dcf4cd84133c4d8863249029fcdf2ac2f93318afb54f0dcdfb7841bfc44fed
varnish-docs-6.6.2-2.el9_0.1.x86_64.rpm SHA-256: 862e7ec6d42c5e426402b7b5c0ef726cd539be47113581a8d29d6cc735f7a477

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
varnish-6.6.2-2.el9_0.1.src.rpm SHA-256: 26b563b20e0364068f408e2c66c17714453d3c9a6a0478e30234b25b97c18946
s390x
varnish-6.6.2-2.el9_0.1.s390x.rpm SHA-256: e3cd7823478628108edb2b8300b66a9bcff4b3ec5cd519dd096672ec7bcbdd90
varnish-docs-6.6.2-2.el9_0.1.s390x.rpm SHA-256: ccf3c28a5c4cc112a45cd4f4b7da334cef68629caa52b02e9e22693ebfcf18d6

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
varnish-6.6.2-2.el9_0.1.src.rpm SHA-256: 26b563b20e0364068f408e2c66c17714453d3c9a6a0478e30234b25b97c18946
ppc64le
varnish-6.6.2-2.el9_0.1.ppc64le.rpm SHA-256: 4eb35a1323f8490575a84af6af7c24121a98c484d071413819cf4cdbf23dd4f1
varnish-docs-6.6.2-2.el9_0.1.ppc64le.rpm SHA-256: 8dba4cd941452593a62776d7803a92d9b47e40e72e03d9858954ef20d1345d1d

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
varnish-6.6.2-2.el9_0.1.src.rpm SHA-256: 26b563b20e0364068f408e2c66c17714453d3c9a6a0478e30234b25b97c18946
aarch64
varnish-6.6.2-2.el9_0.1.aarch64.rpm SHA-256: 12c3ec799b15c7e8d514235719d15e398da54e4e1d23393fafd6f0985c3553f8
varnish-docs-6.6.2-2.el9_0.1.aarch64.rpm SHA-256: a871d83027b0aa24c90e7a99f6040ce62eea19303569b4e21f77553f9dadbdba

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
varnish-6.6.2-2.el9_0.1.src.rpm SHA-256: 26b563b20e0364068f408e2c66c17714453d3c9a6a0478e30234b25b97c18946
ppc64le
varnish-6.6.2-2.el9_0.1.ppc64le.rpm SHA-256: 4eb35a1323f8490575a84af6af7c24121a98c484d071413819cf4cdbf23dd4f1
varnish-docs-6.6.2-2.el9_0.1.ppc64le.rpm SHA-256: 8dba4cd941452593a62776d7803a92d9b47e40e72e03d9858954ef20d1345d1d

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
varnish-6.6.2-2.el9_0.1.src.rpm SHA-256: 26b563b20e0364068f408e2c66c17714453d3c9a6a0478e30234b25b97c18946
x86_64
varnish-6.6.2-2.el9_0.1.i686.rpm SHA-256: 6c62e3e38e45b97ccee34689f0d4d53d83e322dda75d362387878da96d8680b6
varnish-6.6.2-2.el9_0.1.x86_64.rpm SHA-256: f0dcf4cd84133c4d8863249029fcdf2ac2f93318afb54f0dcdfb7841bfc44fed
varnish-docs-6.6.2-2.el9_0.1.x86_64.rpm SHA-256: 862e7ec6d42c5e426402b7b5c0ef726cd539be47113581a8d29d6cc735f7a477

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0

SRPM
x86_64
varnish-devel-6.6.2-2.el9_0.1.i686.rpm SHA-256: 75a8661aecabc3ec9fe7963ef78c98c54361da4f44cafacd8ad4236f656527b0
varnish-devel-6.6.2-2.el9_0.1.x86_64.rpm SHA-256: e5aa68890183402a5be70a6f8de9274736df155530fc496fb028d0a78e3d2b82

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0

SRPM
ppc64le
varnish-devel-6.6.2-2.el9_0.1.ppc64le.rpm SHA-256: 49a67b3b72306de52427aa0317d1a7eada3e1bff685a58c084430e4b3fff0275

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0

SRPM
s390x
varnish-devel-6.6.2-2.el9_0.1.s390x.rpm SHA-256: 62e692b860a9e52715fca4df122bb8a1e18ef05b26f68af00d1cdec0241f2f4e

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0

SRPM
aarch64
varnish-devel-6.6.2-2.el9_0.1.aarch64.rpm SHA-256: b16348190e349131d61daab1f3dc7893d403457389f747451c3fcc652ed91368

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
varnish-6.6.2-2.el9_0.1.src.rpm SHA-256: 26b563b20e0364068f408e2c66c17714453d3c9a6a0478e30234b25b97c18946
aarch64
varnish-6.6.2-2.el9_0.1.aarch64.rpm SHA-256: 12c3ec799b15c7e8d514235719d15e398da54e4e1d23393fafd6f0985c3553f8
varnish-docs-6.6.2-2.el9_0.1.aarch64.rpm SHA-256: a871d83027b0aa24c90e7a99f6040ce62eea19303569b4e21f77553f9dadbdba

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
varnish-6.6.2-2.el9_0.1.src.rpm SHA-256: 26b563b20e0364068f408e2c66c17714453d3c9a6a0478e30234b25b97c18946
s390x
varnish-6.6.2-2.el9_0.1.s390x.rpm SHA-256: e3cd7823478628108edb2b8300b66a9bcff4b3ec5cd519dd096672ec7bcbdd90
varnish-docs-6.6.2-2.el9_0.1.s390x.rpm SHA-256: ccf3c28a5c4cc112a45cd4f4b7da334cef68629caa52b02e9e22693ebfcf18d6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.