varnish:6 security update
エラータID: AXSA:2021-2381:01
リリース日:
2021/08/24 Tuesday - 02:47
題名:
varnish:6 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- HTTP/2 を有効にした Varnish Cache には Post リクエストの大きな
Content Length ヘッダーを介して、リクエストスマグリングの発生や
VCL による認証が回避される脆弱性があります。(CVE-2021-36740)
Modularity name: varnish
Stream name: 6
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-36740
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
追加情報:
N/A
ダウンロード:
SRPMS
- varnish-modules-0.15.0-5.module+el8+1297+d995ec21.src.rpm
MD5: f2f3787674e9d08939c36e606fe6b84d
SHA-256: 95f6c943f3519fbaf627e05b98db09f81f8278dc320831cf8790b2fdc049182a
Size: 431.27 kB - varnish-6.0.6-2.module+el8+1297+d995ec21.1.src.rpm
MD5: ac65566a68b2a34b6814bfce500b19f9
SHA-256: 10096b3d50fa71caa683285133d3896351356a43a549d62bce678e4ee3f351c5
Size: 3.05 MB
Asianux Server 8 for x86_64
- varnish-modules-0.15.0-5.module+el8+1297+d995ec21.x86_64.rpm
MD5: 439d06fc52c747b3da831b342c228b69
SHA-256: 7ae5f0dee3d49bdee273e89d223c6774b6141b722d0387e8c2ef154b28ab3d31
Size: 81.47 kB - varnish-modules-debugsource-0.15.0-5.module+el8+1297+d995ec21.x86_64.rpm
MD5: e0b2bfcdb9d9739c36831684b418fdc6
SHA-256: 10c4005f7aec67d4e4d8c5032541c48582814f337e5b6eba2be9423f05f53292
Size: 31.55 kB - varnish-6.0.6-2.module+el8+1297+d995ec21.1.x86_64.rpm
MD5: 8242189c282c27678cfda3d5687b4ba5
SHA-256: 5edb856d04b800cb86554c2e81eb36fe6260afa4f16ac2f34699aaae3b105265
Size: 970.41 kB - varnish-devel-6.0.6-2.module+el8+1297+d995ec21.1.x86_64.rpm
MD5: 43b58e4b95657de5da601a5203b9acd3
SHA-256: 8bf0db81b451ecaf89b791b1a93c241824719dfa2998d93af99a7294d79f69ba
Size: 130.40 kB - varnish-docs-6.0.6-2.module+el8+1297+d995ec21.1.x86_64.rpm
MD5: 40611b7b7b7b04299d4a81e7a2153f18
SHA-256: 6b9b10955d8766f775863c78ed3d0e622da5effa314f3ce977a6d5803818d10e
Size: 630.51 kB