Red Hat Product Errata RHSA-2024:2938 - Security Advisory
Issued:
2024-05-21
Updated:
2024-05-21

RHSA-2024:2938 - Security Advisory

Synopsis

Important: varnish:6 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in
memory so web servers don't have to create the same web page over and over
again, giving the website a significant speed up.

Security Fix(es):

  • varnish:6: HTTP/2 Broken Window Attack may result in denial of service

(CVE-2024-30156)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2271486 - CVE-2024-30156 varnish: HTTP/2 Broken Window Attack may result in denial of service

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
varnish-6.0.6-2.module+el8.4.0+21799+2c737c67.5.src.rpm SHA-256: 0d116237338375f3ece11e650f68ddcdb618e66ab77a83aa37342f9ff8457749
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
x86_64
varnish-6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64.rpm SHA-256: 39bb566ba52b6bcb5f6eaadd09f00f754b6d81850d78556e41030425a3bf260f
varnish-devel-6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64.rpm SHA-256: 0c61d8794a2ecc4fd356b36d6e3cba69128415a37de930a114d5933f1da98127
varnish-docs-6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64.rpm SHA-256: bddf34683f0165f71711f053abe21a1e46431906bca7cf1819ce810d4664d31c
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm SHA-256: 920ed07b7c2c15cf5d3e381e340fc2cd5e0021fe4766833033877a9f68f35ab0
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm SHA-256: 90ca3131462169fc8032b17f247172f9884af877acc046b1378a10bc9aad20cc
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm SHA-256: 24e2c0f35c0d4f3cee3ebf383f6679c0cf441bc68e131c4450d856c87b4b8913

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
varnish-6.0.6-2.module+el8.4.0+21799+2c737c67.5.src.rpm SHA-256: 0d116237338375f3ece11e650f68ddcdb618e66ab77a83aa37342f9ff8457749
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
x86_64
varnish-6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64.rpm SHA-256: 39bb566ba52b6bcb5f6eaadd09f00f754b6d81850d78556e41030425a3bf260f
varnish-devel-6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64.rpm SHA-256: 0c61d8794a2ecc4fd356b36d6e3cba69128415a37de930a114d5933f1da98127
varnish-docs-6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64.rpm SHA-256: bddf34683f0165f71711f053abe21a1e46431906bca7cf1819ce810d4664d31c
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm SHA-256: 920ed07b7c2c15cf5d3e381e340fc2cd5e0021fe4766833033877a9f68f35ab0
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm SHA-256: 90ca3131462169fc8032b17f247172f9884af877acc046b1378a10bc9aad20cc
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm SHA-256: 24e2c0f35c0d4f3cee3ebf383f6679c0cf441bc68e131c4450d856c87b4b8913

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
varnish-6.0.6-2.module+el8.4.0+21799+2c737c67.5.src.rpm SHA-256: 0d116237338375f3ece11e650f68ddcdb618e66ab77a83aa37342f9ff8457749
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
x86_64
varnish-6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64.rpm SHA-256: 39bb566ba52b6bcb5f6eaadd09f00f754b6d81850d78556e41030425a3bf260f
varnish-devel-6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64.rpm SHA-256: 0c61d8794a2ecc4fd356b36d6e3cba69128415a37de930a114d5933f1da98127
varnish-docs-6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64.rpm SHA-256: bddf34683f0165f71711f053abe21a1e46431906bca7cf1819ce810d4664d31c
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm SHA-256: 920ed07b7c2c15cf5d3e381e340fc2cd5e0021fe4766833033877a9f68f35ab0
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm SHA-256: 90ca3131462169fc8032b17f247172f9884af877acc046b1378a10bc9aad20cc
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm SHA-256: 24e2c0f35c0d4f3cee3ebf383f6679c0cf441bc68e131c4450d856c87b4b8913

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
varnish-6.0.6-2.module+el8.4.0+21799+2c737c67.5.src.rpm SHA-256: 0d116237338375f3ece11e650f68ddcdb618e66ab77a83aa37342f9ff8457749
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
ppc64le
varnish-6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le.rpm SHA-256: c9c8494016befbfd3fd2149f5e16d9f105d5bd3d50ebbd8c59c11c505597c580
varnish-devel-6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le.rpm SHA-256: bf2f58b82225c309a867ae247db105addd5ddd44077607f327834fe999bb3705
varnish-docs-6.0.6-2.module+el8.4.0+21799+2c737c67.5.ppc64le.rpm SHA-256: 2c81c7573e530c25ebb4248dc13d5ec717237a399d404a22f5ad3f01ac9250ca
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm SHA-256: 4dc937261656c078b6e2d48e7832cbdbcc99f0a81a88ef1f40ed31262e913f81
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm SHA-256: 261977ebd56c3a590669ab62136a0e3c63db106a9593d6c9c8cbcb4c86f20958
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm SHA-256: cc85d7217f2ab315596aa177d4dbbdf7ae287710325bfbf3468a2e5625dead49

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
varnish-6.0.6-2.module+el8.4.0+21799+2c737c67.5.src.rpm SHA-256: 0d116237338375f3ece11e650f68ddcdb618e66ab77a83aa37342f9ff8457749
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
x86_64
varnish-6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64.rpm SHA-256: 39bb566ba52b6bcb5f6eaadd09f00f754b6d81850d78556e41030425a3bf260f
varnish-devel-6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64.rpm SHA-256: 0c61d8794a2ecc4fd356b36d6e3cba69128415a37de930a114d5933f1da98127
varnish-docs-6.0.6-2.module+el8.4.0+21799+2c737c67.5.x86_64.rpm SHA-256: bddf34683f0165f71711f053abe21a1e46431906bca7cf1819ce810d4664d31c
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm SHA-256: 920ed07b7c2c15cf5d3e381e340fc2cd5e0021fe4766833033877a9f68f35ab0
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm SHA-256: 90ca3131462169fc8032b17f247172f9884af877acc046b1378a10bc9aad20cc
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm SHA-256: 24e2c0f35c0d4f3cee3ebf383f6679c0cf441bc68e131c4450d856c87b4b8913

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.