varnish:6 security update

エラータID: AXSA:2021-2381:01

Release date: 
Tuesday, August 24, 2021 - 02:47
Subject: 
varnish:6 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

* varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request (CVE-2021-36740)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-36740
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

Modularity name: varnish
Stream name: 6

Solution: 

Update packages.

CVEs: 
CVE-2021-36740
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
Additional Info: 

N/A

Download: 

SRPMS
  1. varnish-modules-0.15.0-5.module+el8+1297+d995ec21.src.rpm
    MD5: f2f3787674e9d08939c36e606fe6b84d
    SHA-256: 95f6c943f3519fbaf627e05b98db09f81f8278dc320831cf8790b2fdc049182a
    Size: 431.27 kB
  2. varnish-6.0.6-2.module+el8+1297+d995ec21.1.src.rpm
    MD5: ac65566a68b2a34b6814bfce500b19f9
    SHA-256: 10096b3d50fa71caa683285133d3896351356a43a549d62bce678e4ee3f351c5
    Size: 3.05 MB

Asianux Server 8 for x86_64
  1. varnish-modules-0.15.0-5.module+el8+1297+d995ec21.x86_64.rpm
    MD5: 439d06fc52c747b3da831b342c228b69
    SHA-256: 7ae5f0dee3d49bdee273e89d223c6774b6141b722d0387e8c2ef154b28ab3d31
    Size: 81.47 kB
  2. varnish-modules-debugsource-0.15.0-5.module+el8+1297+d995ec21.x86_64.rpm
    MD5: e0b2bfcdb9d9739c36831684b418fdc6
    SHA-256: 10c4005f7aec67d4e4d8c5032541c48582814f337e5b6eba2be9423f05f53292
    Size: 31.55 kB
  3. varnish-6.0.6-2.module+el8+1297+d995ec21.1.x86_64.rpm
    MD5: 8242189c282c27678cfda3d5687b4ba5
    SHA-256: 5edb856d04b800cb86554c2e81eb36fe6260afa4f16ac2f34699aaae3b105265
    Size: 970.41 kB
  4. varnish-devel-6.0.6-2.module+el8+1297+d995ec21.1.x86_64.rpm
    MD5: 43b58e4b95657de5da601a5203b9acd3
    SHA-256: 8bf0db81b451ecaf89b791b1a93c241824719dfa2998d93af99a7294d79f69ba
    Size: 130.40 kB
  5. varnish-docs-6.0.6-2.module+el8+1297+d995ec21.1.x86_64.rpm
    MD5: 40611b7b7b7b04299d4a81e7a2153f18
    SHA-256: 6b9b10955d8766f775863c78ed3d0e622da5effa314f3ce977a6d5803818d10e
    Size: 630.51 kB