varnish-6.6.2-2.el9.1

エラータID: AXSA:2023-4930:01

Release date: 
Wednesday, February 1, 2023 - 06:09
Subject: 
varnish-6.6.2-2.el9.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

* varnish: Request Forgery Vulnerability (CVE-2022-45060)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.

Solution: 

Update packages.

CVEs: 
CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. varnish-6.6.2-2.el9.1.src.rpm
    MD5: 7227ddc23d0dfd6e20decaff3f6736db
    SHA-256: 55ce0fb5aaa0fc9a9c3330d1a02aa09a9473166eb79c0f3b4f0faedb34747ab3
    Size: 3.38 MB

Asianux Server 9 for x86_64
  1. varnish-6.6.2-2.el9.1.x86_64.rpm
    MD5: 30c6fbd0e6115c97963d918a844323ac
    SHA-256: 06d644ad7d3070b87031fabd4a053f5b3a3a4a38c1adf90ad8847b5f22238971
    Size: 1.07 MB
  2. varnish-devel-6.6.2-2.el9.1.x86_64.rpm
    MD5: 20a9272b8a6f51578bcff4a0c1eb0896
    SHA-256: fbcd62f36691c95d82992c197a6c925599cf8f77b2a42c65a0b1c498e0e99ae1
    Size: 112.01 kB
  3. varnish-docs-6.6.2-2.el9.1.x86_64.rpm
    MD5: b71a1a01d62cde757166bb50f1db8743
    SHA-256: c236619cba3dfc8e4dccc897b3da76386abfce07d74bc97cb415f68c9c5e9c51
    Size: 646.81 kB
  4. varnish-6.6.2-2.el9.1.i686.rpm
    MD5: d212a0574572fd74438e9c247862d8da
    SHA-256: 532f0adc0a1c3a2c3d85c3013a3dd6c806039b65f491ab190d6fa56063ef2d82
    Size: 1.10 MB
  5. varnish-devel-6.6.2-2.el9.1.i686.rpm
    MD5: fa88b485c0f6dc7f020f68828b1399a3
    SHA-256: d26eda1b3d24301075f53e8fd5cf19ee66601cac9a6165d3867bf7c7c67c598c
    Size: 112.01 kB