- Issued:
- 2024-05-28
- Updated:
- 2024-05-28
RHSA-2024:3426 - Security Advisory
Synopsis
Important: varnish:6 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise
Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Description
Varnish Cache is a high-performance HTTP accelerator. It stores web pages
in memory so web servers don't have to create the same web page over and over
again, giving the website a significant speed up.
Security Fix(es):
- varnish:6: HTTP/2 Broken Window Attack may result in denial of service
(CVE-2024-30156)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2271486 - CVE-2024-30156 varnish: HTTP/2 Broken Window Attack may result in denial of service
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
| SRPM | |
|---|---|
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.src.rpm | SHA-256: 35917426e2e893ee5bed439818153b3e63974d704f23ebc983c9dbf079b4475f |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm | SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c |
| x86_64 | |
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: 78fab93788846a9c62109a0be42a4e9bc343fb06da206598981356acda4fa4aa |
| varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: 152beb135ef0c0e374a28b25e177f53d14d2d31c77d56ce96ef85348a0618951 |
| varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: cfad38cb663fcdcf1a680e2bf4f1ee7e14391ed3ca8fadf4fa65e36bf7f5e1ba |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 221f156f879f6969b2af2f2ccccba211ceb121381d01ac5409e6a7da963d6bfb |
| varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 36af9dc02305d588e625d62a337c3a461722cd7205496ec3335589b20482ecc1 |
| varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 31eae30e8f83b9332500cbb394b84dce0ff9eea218040b7e76f157d24a2a7a71 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6
| SRPM | |
|---|---|
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.src.rpm | SHA-256: 35917426e2e893ee5bed439818153b3e63974d704f23ebc983c9dbf079b4475f |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm | SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c |
| x86_64 | |
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: 78fab93788846a9c62109a0be42a4e9bc343fb06da206598981356acda4fa4aa |
| varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: 152beb135ef0c0e374a28b25e177f53d14d2d31c77d56ce96ef85348a0618951 |
| varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: cfad38cb663fcdcf1a680e2bf4f1ee7e14391ed3ca8fadf4fa65e36bf7f5e1ba |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 221f156f879f6969b2af2f2ccccba211ceb121381d01ac5409e6a7da963d6bfb |
| varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 36af9dc02305d588e625d62a337c3a461722cd7205496ec3335589b20482ecc1 |
| varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 31eae30e8f83b9332500cbb394b84dce0ff9eea218040b7e76f157d24a2a7a71 |
Red Hat Enterprise Linux Server - AUS 8.6
| SRPM | |
|---|---|
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.src.rpm | SHA-256: 35917426e2e893ee5bed439818153b3e63974d704f23ebc983c9dbf079b4475f |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm | SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c |
| x86_64 | |
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: 78fab93788846a9c62109a0be42a4e9bc343fb06da206598981356acda4fa4aa |
| varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: 152beb135ef0c0e374a28b25e177f53d14d2d31c77d56ce96ef85348a0618951 |
| varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: cfad38cb663fcdcf1a680e2bf4f1ee7e14391ed3ca8fadf4fa65e36bf7f5e1ba |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 221f156f879f6969b2af2f2ccccba211ceb121381d01ac5409e6a7da963d6bfb |
| varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 36af9dc02305d588e625d62a337c3a461722cd7205496ec3335589b20482ecc1 |
| varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 31eae30e8f83b9332500cbb394b84dce0ff9eea218040b7e76f157d24a2a7a71 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
| SRPM | |
|---|---|
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.src.rpm | SHA-256: 35917426e2e893ee5bed439818153b3e63974d704f23ebc983c9dbf079b4475f |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm | SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c |
| s390x | |
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x.rpm | SHA-256: a659694be7a9c567d99b8a912ff249bbe2e657f7012a7b7f3db707a24d12e505 |
| varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x.rpm | SHA-256: 24792f8906599db0e9083b11dd161bcb1ce35d93dfdd520031ab11d2ef3cf41c |
| varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x.rpm | SHA-256: 57b9b3c07e8f219c38755aba42dab9cd972f6dba065f54d278436d02122fbf79 |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x.rpm | SHA-256: 8166d71b6b85155f105a10550f19e93b96c377e2f613f4c4c26e9a6758773512 |
| varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x.rpm | SHA-256: 0f4a76a6f8c26c1128375e361cb97d2c886ade9bd6eb6d2da780b3e6f72fd64c |
| varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x.rpm | SHA-256: 1118d2b495c331ac4a89d807e4278185625aa4fabff1efb6526678418e40ce3b |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
| SRPM | |
|---|---|
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.src.rpm | SHA-256: 35917426e2e893ee5bed439818153b3e63974d704f23ebc983c9dbf079b4475f |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm | SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c |
| ppc64le | |
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le.rpm | SHA-256: 1833804333d544dd68a1606563375694724cd5ff713b509fddc8a4675810ca89 |
| varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le.rpm | SHA-256: 1b3ab8d632e9500a90dc6f921bcf54f079425e235867accc6e3b6b7c1d09c509 |
| varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le.rpm | SHA-256: 9da5c5942ffea3047cec489ce441b238139d1c039c702e4cc7b0441e0d1a8439 |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm | SHA-256: 5aa000a67dbaea78f3c7e06e3e47cb6d5ed27466e64e7cbd6e375d4ac30f5dc4 |
| varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm | SHA-256: e4cffa9afc9e318c18dcca237772c2237c8b08717ab56dda529d94d1772abafc |
| varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm | SHA-256: 6535f94cd88b59b197081f74ea87859289d8bccb40be675493ad61a79d21214a |
Red Hat Enterprise Linux Server - TUS 8.6
| SRPM | |
|---|---|
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.src.rpm | SHA-256: 35917426e2e893ee5bed439818153b3e63974d704f23ebc983c9dbf079b4475f |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm | SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c |
| x86_64 | |
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: 78fab93788846a9c62109a0be42a4e9bc343fb06da206598981356acda4fa4aa |
| varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: 152beb135ef0c0e374a28b25e177f53d14d2d31c77d56ce96ef85348a0618951 |
| varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: cfad38cb663fcdcf1a680e2bf4f1ee7e14391ed3ca8fadf4fa65e36bf7f5e1ba |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 221f156f879f6969b2af2f2ccccba211ceb121381d01ac5409e6a7da963d6bfb |
| varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 36af9dc02305d588e625d62a337c3a461722cd7205496ec3335589b20482ecc1 |
| varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 31eae30e8f83b9332500cbb394b84dce0ff9eea218040b7e76f157d24a2a7a71 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
| SRPM | |
|---|---|
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.src.rpm | SHA-256: 35917426e2e893ee5bed439818153b3e63974d704f23ebc983c9dbf079b4475f |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm | SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c |
| aarch64 | |
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64.rpm | SHA-256: 675dbc1433e20b37a1eaa6c9a371a1b5f9bc0b34f64cbb3d56d42ffb01cdb9f8 |
| varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64.rpm | SHA-256: e011b908085f5ba4977f81eb06d173cf87ec9622d23ce4db9bc0930bf3afd483 |
| varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64.rpm | SHA-256: 1a28cd45fcd700a3affb3f37c329603da3a202d5df456874d00c1ffdf0626acf |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64.rpm | SHA-256: e882c7096da09ad91dfd556cd565f38e0d35023f5aa0a5233da682fa54df8cf0 |
| varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64.rpm | SHA-256: 4278121d0b416246faf799277094abd997146e564413376c11a5893b68a33f33 |
| varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64.rpm | SHA-256: a91b9c71657c6474f52e2dd3e4a573d3d8b999b7b0e2135e4febe56db54a7c4a |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
| SRPM | |
|---|---|
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.src.rpm | SHA-256: 35917426e2e893ee5bed439818153b3e63974d704f23ebc983c9dbf079b4475f |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm | SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c |
| ppc64le | |
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le.rpm | SHA-256: 1833804333d544dd68a1606563375694724cd5ff713b509fddc8a4675810ca89 |
| varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le.rpm | SHA-256: 1b3ab8d632e9500a90dc6f921bcf54f079425e235867accc6e3b6b7c1d09c509 |
| varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le.rpm | SHA-256: 9da5c5942ffea3047cec489ce441b238139d1c039c702e4cc7b0441e0d1a8439 |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm | SHA-256: 5aa000a67dbaea78f3c7e06e3e47cb6d5ed27466e64e7cbd6e375d4ac30f5dc4 |
| varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm | SHA-256: e4cffa9afc9e318c18dcca237772c2237c8b08717ab56dda529d94d1772abafc |
| varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm | SHA-256: 6535f94cd88b59b197081f74ea87859289d8bccb40be675493ad61a79d21214a |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
| SRPM | |
|---|---|
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.src.rpm | SHA-256: 35917426e2e893ee5bed439818153b3e63974d704f23ebc983c9dbf079b4475f |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm | SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c |
| x86_64 | |
| varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: 78fab93788846a9c62109a0be42a4e9bc343fb06da206598981356acda4fa4aa |
| varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: 152beb135ef0c0e374a28b25e177f53d14d2d31c77d56ce96ef85348a0618951 |
| varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.x86_64.rpm | SHA-256: cfad38cb663fcdcf1a680e2bf4f1ee7e14391ed3ca8fadf4fa65e36bf7f5e1ba |
| varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 221f156f879f6969b2af2f2ccccba211ceb121381d01ac5409e6a7da963d6bfb |
| varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 36af9dc02305d588e625d62a337c3a461722cd7205496ec3335589b20482ecc1 |
| varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm | SHA-256: 31eae30e8f83b9332500cbb394b84dce0ff9eea218040b7e76f157d24a2a7a71 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
