varnish:6 security update
エラータID: AXSA:2023-6550:01
Release date:
Friday, October 27, 2023 - 12:56
Subject:
varnish:6 security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in
memory so web servers don't have to create the same web page over and over
again, giving the website a significant speed up.
Security Fix(es):
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack
(Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2023-44487
Modularity name: varnish
Stream name: 6
Solution:
Update packages.
CVEs:
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Additional Info:
N/A
Download:
SRPMS
- varnish-modules-0.15.0-6.module+el8+1676+f8a5e20d.src.rpm
MD5: 94f86e800069a22ac340b694ac30fd69
SHA-256: 6c50a6e11db6429fae85de5899f3ff214cbf683500c859ca0d19d468597727d9
Size: 431.38 kB - varnish-6.0.8-3.module+el8+1676+f8a5e20d.1.ML.1.src.rpm
MD5: f1158fd4f06f042b0ecb913dbd68cecf
SHA-256: 68ff81bcc62857cc066f4520a1630779fc057284c600b3d35b6d11c64473b3a5
Size: 3.08 MB
Asianux Server 8 for x86_64
- varnish-6.0.8-3.module+el8+1676+f8a5e20d.1.ML.1.x86_64.rpm
MD5: d26a4464ed72b5908b958ecd6b2e7c04
SHA-256: 5b9cb1a76d2bf7a5eb2261ae41252dbd8666eaa7ee92b66c14867071db7e60ba
Size: 0.96 MB - varnish-devel-6.0.8-3.module+el8+1676+f8a5e20d.1.ML.1.x86_64.rpm
MD5: d63ff6413cb338ee41ecc74240c6ac96
SHA-256: 0b780e9d1d97fc7e55b67bbc07ccf0abff9ba1cbb96c77a00dc870d8b556672e
Size: 132.18 kB - varnish-docs-6.0.8-3.module+el8+1676+f8a5e20d.1.ML.1.x86_64.rpm
MD5: 29864521aa7daaefd369f88ff2c51a63
SHA-256: 0ea1dbed16a1c433f905a6093aad21dec355aedffb1e0d594646490fc6f19acc
Size: 634.04 kB - varnish-modules-0.15.0-6.module+el8+1676+f8a5e20d.x86_64.rpm
MD5: d5d4bdff660acc3f81fe52813b587600
SHA-256: 14214d38cc4960de6eb340e343da6ff50cbd3e21d740dbe0feef14016b3ce1fa
Size: 81.62 kB - varnish-modules-debugsource-0.15.0-6.module+el8+1676+f8a5e20d.x86_64.rpm
MD5: 23a3003491127f6784f63fc7ed476af2
SHA-256: c26116056690e70fdd7eff4ac87aaa638800895712b6c1288788ae95c9e9bfe2
Size: 31.65 kB
日本語