Red Hat Product Errata RHSA-2024:1689 - Security Advisory
Issued:
2024-04-08
Updated:
2024-04-08

RHSA-2024:1689 - Security Advisory

Synopsis

Important: rh-varnish6-varnish security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-varnish6-varnish is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

  • HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 2271486 - CVE-2024-30156 varnish: HTTP/2 Broken Window Attack may result in denial of service

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-varnish6-varnish-6.0.13-1.el7.src.rpm SHA-256: 344a957a6e1e7478f1acdaa83878c17632909e3b7bafd6edd8aef6db4bebf5f0
rh-varnish6-varnish-modules-0.15.0-8.el7.src.rpm SHA-256: c7ee391ec79c43ebe2b072922d1105d89d9ecad3794009b55dc020316b7c1c1f
x86_64
rh-varnish6-varnish-6.0.13-1.el7.x86_64.rpm SHA-256: fd27f1965e63d9251164d408634b5a630cbe22800655511a515d39638dc09c8e
rh-varnish6-varnish-devel-6.0.13-1.el7.x86_64.rpm SHA-256: 90aa80659f7523762111fe9dc34883675a49fd26445181471eea92b8bda9d705
rh-varnish6-varnish-docs-6.0.13-1.el7.x86_64.rpm SHA-256: 5ba55834638dd754b2396196b46a8197358cc1d2b824cbaf28120fd6a762f2d9
rh-varnish6-varnish-libs-6.0.13-1.el7.x86_64.rpm SHA-256: 4591a0bea3f701642e9f6523c97b7ea89060cbbc934217c3915f1c62206897a1
rh-varnish6-varnish-modules-0.15.0-8.el7.x86_64.rpm SHA-256: befa47446e2c2ee763713ae90240b506429e6b42fb0cc56ec799f2674dc20216
rh-varnish6-varnish-modules-debuginfo-0.15.0-8.el7.x86_64.rpm SHA-256: 4ef8c37cea5e29d4853dc41a2c293a1574da2e14ffaff5e8be5f8b104becf25a

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM
rh-varnish6-varnish-6.0.13-1.el7.src.rpm SHA-256: 344a957a6e1e7478f1acdaa83878c17632909e3b7bafd6edd8aef6db4bebf5f0
rh-varnish6-varnish-modules-0.15.0-8.el7.src.rpm SHA-256: c7ee391ec79c43ebe2b072922d1105d89d9ecad3794009b55dc020316b7c1c1f
s390x
rh-varnish6-varnish-6.0.13-1.el7.s390x.rpm SHA-256: 7e49d19de1a4e59a7253d3e10bbdfa1491f8eca5fec3295fafbd9b4700e8065a
rh-varnish6-varnish-devel-6.0.13-1.el7.s390x.rpm SHA-256: 0c91dd7ed600f55f9723f71cff13cf3501b49d6132baf708f4d5c410914526e5
rh-varnish6-varnish-docs-6.0.13-1.el7.s390x.rpm SHA-256: 37fdbabc2b647623def6f10cb7764934fbb2f029942b99552f890ba9488219c2
rh-varnish6-varnish-libs-6.0.13-1.el7.s390x.rpm SHA-256: 803d1e1bd9aca77cb22f0777c28904654fb704658c12b7d0187441d229f6ca51
rh-varnish6-varnish-modules-0.15.0-8.el7.s390x.rpm SHA-256: dc43a5dff047b5a42a6c99013bd6f6e7e400ea327d3ff73c7bb95f0b48dcc07a
rh-varnish6-varnish-modules-debuginfo-0.15.0-8.el7.s390x.rpm SHA-256: d5d07710ac563fde511f40d9ef260f957661489f8c15ab05a21ec33c088b56fa

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM
rh-varnish6-varnish-6.0.13-1.el7.src.rpm SHA-256: 344a957a6e1e7478f1acdaa83878c17632909e3b7bafd6edd8aef6db4bebf5f0
rh-varnish6-varnish-modules-0.15.0-8.el7.src.rpm SHA-256: c7ee391ec79c43ebe2b072922d1105d89d9ecad3794009b55dc020316b7c1c1f
ppc64le
rh-varnish6-varnish-6.0.13-1.el7.ppc64le.rpm SHA-256: 6caf3488c9ce71aa59243d041ea21bee76403e9a63334ed8bf3e75db6c09ebb2
rh-varnish6-varnish-devel-6.0.13-1.el7.ppc64le.rpm SHA-256: 4b93279f623a4cfd89560ac3824a5afb03cfe2a0e8a6c70fd6e6a8c7b224f8c2
rh-varnish6-varnish-docs-6.0.13-1.el7.ppc64le.rpm SHA-256: 48d14da2cef3e328c21add5a6f0cc646e086151f737f8fa10a88f8be0d66374c
rh-varnish6-varnish-libs-6.0.13-1.el7.ppc64le.rpm SHA-256: 8e89b9a6dd7be5a1f25a7a484f80c0385166b9813299a882d9d65ee0f11bb990
rh-varnish6-varnish-modules-0.15.0-8.el7.ppc64le.rpm SHA-256: 91a4206d64f225914d93f188a59ac5f99fa0e46359a8126cda5553d54efdb053
rh-varnish6-varnish-modules-debuginfo-0.15.0-8.el7.ppc64le.rpm SHA-256: 43d7b38afb40a68d324b5ddcdb701efb2f4d39a4d2c7c72c93eb71f17de87453

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-varnish6-varnish-6.0.13-1.el7.src.rpm SHA-256: 344a957a6e1e7478f1acdaa83878c17632909e3b7bafd6edd8aef6db4bebf5f0
rh-varnish6-varnish-modules-0.15.0-8.el7.src.rpm SHA-256: c7ee391ec79c43ebe2b072922d1105d89d9ecad3794009b55dc020316b7c1c1f
x86_64
rh-varnish6-varnish-6.0.13-1.el7.x86_64.rpm SHA-256: fd27f1965e63d9251164d408634b5a630cbe22800655511a515d39638dc09c8e
rh-varnish6-varnish-devel-6.0.13-1.el7.x86_64.rpm SHA-256: 90aa80659f7523762111fe9dc34883675a49fd26445181471eea92b8bda9d705
rh-varnish6-varnish-docs-6.0.13-1.el7.x86_64.rpm SHA-256: 5ba55834638dd754b2396196b46a8197358cc1d2b824cbaf28120fd6a762f2d9
rh-varnish6-varnish-libs-6.0.13-1.el7.x86_64.rpm SHA-256: 4591a0bea3f701642e9f6523c97b7ea89060cbbc934217c3915f1c62206897a1
rh-varnish6-varnish-modules-0.15.0-8.el7.x86_64.rpm SHA-256: befa47446e2c2ee763713ae90240b506429e6b42fb0cc56ec799f2674dc20216
rh-varnish6-varnish-modules-debuginfo-0.15.0-8.el7.x86_64.rpm SHA-256: 4ef8c37cea5e29d4853dc41a2c293a1574da2e14ffaff5e8be5f8b104becf25a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.