Red Hat Product Errata RHSA-2024:2700 - Security Advisory
Issued:
2024-05-06
Updated:
2024-05-06

RHSA-2024:2700 - Security Advisory

Synopsis

Important: varnish security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

  • varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2271486 - CVE-2024-30156 varnish: HTTP/2 Broken Window Attack may result in denial of service

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
varnish-6.6.2-2.el9_0.3.src.rpm SHA-256: b0834c14fbabd05d7f557f859dc026243b9b0b9aeaae5d3f4a09e923c50b1196
x86_64
varnish-6.6.2-2.el9_0.3.i686.rpm SHA-256: 44584949da2d27cd7baae7743be7f448b889514f473fb6bd82801dca1d3bd148
varnish-6.6.2-2.el9_0.3.x86_64.rpm SHA-256: ace121f3f825c0a4573fc08052eaba9c301605dbf43b38d7ca68599157a5909b
varnish-docs-6.6.2-2.el9_0.3.x86_64.rpm SHA-256: ece4db966b3a6098e8b95f11c085b6f455963ebac8e6bda72b53c5c2e83b5b47

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
varnish-6.6.2-2.el9_0.3.src.rpm SHA-256: b0834c14fbabd05d7f557f859dc026243b9b0b9aeaae5d3f4a09e923c50b1196
s390x
varnish-6.6.2-2.el9_0.3.s390x.rpm SHA-256: 5c2ecb640fec0488b2dafb7afb2886c7de6d82107755d04edd48f95e1af77163
varnish-docs-6.6.2-2.el9_0.3.s390x.rpm SHA-256: 8d6e0367c1afe2925ae9d9becf5eed060cfd0619c79451fffdf6384ab366bd66

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
varnish-6.6.2-2.el9_0.3.src.rpm SHA-256: b0834c14fbabd05d7f557f859dc026243b9b0b9aeaae5d3f4a09e923c50b1196
ppc64le
varnish-6.6.2-2.el9_0.3.ppc64le.rpm SHA-256: b1bd95b37a2fe5cd17f64720a54afd6d65c25c1c5744108542693e9f4704e97a
varnish-docs-6.6.2-2.el9_0.3.ppc64le.rpm SHA-256: 66746e7af81de4c75b7b59ecfaf5ede3b568db85776ed6ec76fc4ddc62307c2c

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
varnish-6.6.2-2.el9_0.3.src.rpm SHA-256: b0834c14fbabd05d7f557f859dc026243b9b0b9aeaae5d3f4a09e923c50b1196
aarch64
varnish-6.6.2-2.el9_0.3.aarch64.rpm SHA-256: aae84e6f277c5e15b70bd346df0bdbd3de9402c72fac5f5b9d8d4c41447fafc3
varnish-docs-6.6.2-2.el9_0.3.aarch64.rpm SHA-256: b00d3119155ef0be21750728e8e71a7a8dbabb6fa142ae91eee690177b320b87

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
varnish-6.6.2-2.el9_0.3.src.rpm SHA-256: b0834c14fbabd05d7f557f859dc026243b9b0b9aeaae5d3f4a09e923c50b1196
ppc64le
varnish-6.6.2-2.el9_0.3.ppc64le.rpm SHA-256: b1bd95b37a2fe5cd17f64720a54afd6d65c25c1c5744108542693e9f4704e97a
varnish-docs-6.6.2-2.el9_0.3.ppc64le.rpm SHA-256: 66746e7af81de4c75b7b59ecfaf5ede3b568db85776ed6ec76fc4ddc62307c2c

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
varnish-6.6.2-2.el9_0.3.src.rpm SHA-256: b0834c14fbabd05d7f557f859dc026243b9b0b9aeaae5d3f4a09e923c50b1196
x86_64
varnish-6.6.2-2.el9_0.3.i686.rpm SHA-256: 44584949da2d27cd7baae7743be7f448b889514f473fb6bd82801dca1d3bd148
varnish-6.6.2-2.el9_0.3.x86_64.rpm SHA-256: ace121f3f825c0a4573fc08052eaba9c301605dbf43b38d7ca68599157a5909b
varnish-docs-6.6.2-2.el9_0.3.x86_64.rpm SHA-256: ece4db966b3a6098e8b95f11c085b6f455963ebac8e6bda72b53c5c2e83b5b47

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0

SRPM
x86_64
varnish-devel-6.6.2-2.el9_0.3.i686.rpm SHA-256: 238aa2ced27d06cd83b28763c827bbaf304aa0cc30596d75e94a0f6d39fa14e6
varnish-devel-6.6.2-2.el9_0.3.x86_64.rpm SHA-256: 620f33f977542f4d3eba93c32570bea22dd7404644595886e73a13c0018600a8

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0

SRPM
ppc64le
varnish-devel-6.6.2-2.el9_0.3.ppc64le.rpm SHA-256: fa38c49ea76502202d449d4d2983fe09b2038cdd7544cc84d9ec1856b41808f0

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0

SRPM
s390x
varnish-devel-6.6.2-2.el9_0.3.s390x.rpm SHA-256: 544d0209141ba450088fbe56fef0d8ee61832ff5445be3806b23d3d14310c132

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0

SRPM
aarch64
varnish-devel-6.6.2-2.el9_0.3.aarch64.rpm SHA-256: 60dc36adb2108d23360a9320351876a870c3ad7179ae7e10370c25416269b4b3

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
varnish-6.6.2-2.el9_0.3.src.rpm SHA-256: b0834c14fbabd05d7f557f859dc026243b9b0b9aeaae5d3f4a09e923c50b1196
aarch64
varnish-6.6.2-2.el9_0.3.aarch64.rpm SHA-256: aae84e6f277c5e15b70bd346df0bdbd3de9402c72fac5f5b9d8d4c41447fafc3
varnish-docs-6.6.2-2.el9_0.3.aarch64.rpm SHA-256: b00d3119155ef0be21750728e8e71a7a8dbabb6fa142ae91eee690177b320b87

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
varnish-6.6.2-2.el9_0.3.src.rpm SHA-256: b0834c14fbabd05d7f557f859dc026243b9b0b9aeaae5d3f4a09e923c50b1196
s390x
varnish-6.6.2-2.el9_0.3.s390x.rpm SHA-256: 5c2ecb640fec0488b2dafb7afb2886c7de6d82107755d04edd48f95e1af77163
varnish-docs-6.6.2-2.el9_0.3.s390x.rpm SHA-256: 8d6e0367c1afe2925ae9d9becf5eed060cfd0619c79451fffdf6384ab366bd66

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.