varnish:6 security update

エラータID: AXSA:2024-7669:01

Release date: 
Thursday, April 11, 2024 - 17:36
Subject: 
varnish:6 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in
memory so web servers don't have to create the same web page over and over
again, giving the website a significant speed up.

Security Fix(es):

varnish: HTTP/2 Broken Window Attack may result in denial of service
(CVE-2024-30156)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2024-30156
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.

Modularity name: "varnish"
Stream name: "6"

Solution: 

Update packages.

CVEs: 
CVE-2024-30156
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
Additional Info: 

N/A

Download: 

SRPMS
  1. varnish-modules-0.15.0-6.module+el8+1740+f35fc7a8.src.rpm
    MD5: ba79a734accd0bb38454e8edb900f5c1
    SHA-256: e33e8248ca20d6092f59428be8801e0e5a8ec93fbe51bcef20d2fdf150552fb8
    Size: 431.38 kB
  2. varnish-6.0.13-1.module+el8+1740+f35fc7a8.ML.1.src.rpm
    MD5: d7ab6eab832a8b23ef18cf54aa41f098
    SHA-256: 490173a25e9e730c141b1f9148fd81827a48cdf4bee633b347a4a5e82562be14
    Size: 3.15 MB

Asianux Server 8 for x86_64
  1. varnish-6.0.13-1.module+el8+1740+f35fc7a8.ML.1.x86_64.rpm
    MD5: 13abfa2bbc8aed2c0efb29d4ddeb8aa8
    SHA-256: e2fc2b05dc76217c1afd9ec3c9b13b7404b9c736207501c141faabc34250554e
    Size: 0.97 MB
  2. varnish-devel-6.0.13-1.module+el8+1740+f35fc7a8.ML.1.x86_64.rpm
    MD5: 6f4e6f70e5148dc9bd1eac50f447b390
    SHA-256: cc4e969ee16e3754e155bd427a5b5f0aef279be20cdf97f5861fa90f67171e34
    Size: 132.77 kB
  3. varnish-docs-6.0.13-1.module+el8+1740+f35fc7a8.ML.1.x86_64.rpm
    MD5: ebba716949bc3cab376963a35b79d3e7
    SHA-256: 1d0d71be7d0acaa5d0fd550d1a69af91d88b5bed6d3b1f4a6726c2985df3ba0d
    Size: 555.41 kB
  4. varnish-modules-0.15.0-6.module+el8+1740+f35fc7a8.x86_64.rpm
    MD5: c0b798a96990025563e4ff9c6d0cc3e3
    SHA-256: 40c5e78d8c103889e6fe65e3d05a89d50fcf12b8f517d20d537cc1065cbf3e21
    Size: 81.62 kB
  5. varnish-modules-debugsource-0.15.0-6.module+el8+1740+f35fc7a8.x86_64.rpm
    MD5: caf61b4669afcadfba628942b594f491
    SHA-256: 8412b6330e3940f29a52a98b882b9782a5162af312c9844bf43d651a27e4f9ff
    Size: 31.65 kB