Issued:: 2024-07-31
Updated:: 2024-07-31

RHSA-2024:4937 - Security Advisory

Overview
Updated Packages

Synopsis

Important: varnish:6 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2271486 - CVE-2024-30156 varnish: HTTP/2 Broken Window Attack may result in denial of service

CVEs

CVE-2024-30156

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
varnish-6.0.6-1.module+el8.2.0+22154+6b906702.src.rpm	SHA-256: be835b707625d35aa1fbda332a588ded2d56f5d900f8262e963d4406eab1ce0a
varnish-modules-0.15.0-4.module+el8+2481+4078e9d2.src.rpm	SHA-256: a101eb216a9aa903750d880c1fac433f0e0ea1578c7360621305352c1dfbbcd9
x86_64
varnish-6.0.6-1.module+el8.2.0+22154+6b906702.x86_64.rpm	SHA-256: e9e345e9e37f44999fe10e2abbb2c41d24fca1595ca7683c04b126f84864d99c
varnish-devel-6.0.6-1.module+el8.2.0+22154+6b906702.x86_64.rpm	SHA-256: 5b4f697853d07cdaa88d420e950d189d578f52ae1b8d7ef925f2254f3421b8ce
varnish-docs-6.0.6-1.module+el8.2.0+22154+6b906702.x86_64.rpm	SHA-256: 5e8ab521b529a06243375e8dc71eb03da10491a0a874668c41e629bb12867498
varnish-modules-0.15.0-4.module+el8+2481+4078e9d2.x86_64.rpm	SHA-256: 67257e87eae9ca7544823c9aac1fc61736bbf0ee74832664a71acd20979e8167
varnish-modules-debuginfo-0.15.0-4.module+el8+2481+4078e9d2.x86_64.rpm	SHA-256: 07b4604da7dbaff3a48c85f182032fd44eb117f4643b0417e1c68068bb4b8cf6
varnish-modules-debugsource-0.15.0-4.module+el8+2481+4078e9d2.x86_64.rpm	SHA-256: 4aaf768af9486b39f29571ea120d05e1e296a4782a88f9a24b5f274c8ea3abf3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation