AXSA:2022-3192:01

リリース日: 
2022/05/26 Thursday - 00:36
題名: 
rh-varnish6-varnish-6.0.8-2.el7.1
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in
memory so web servers don't have to create the same web page over and over
again, giving the website a significant speed up.

Security Fix(es):

* varnish: HTTP/1 request smuggling vulnerability (CVE-2022-23959)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2022-23959
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before
6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x
before 6.0.9r4, request smuggling can occur for HTTP/1 connections.

解決策: 

Update packages.

追加情報: 

N/A

ダウンロード: 

SRPMS
  1. rh-varnish6-varnish-6.0.8-2.el7.1.src.rpm
    MD5: 47b34bca26987ff6822f42fc5794b9c6
    SHA-256: 7bdc370499dd9c7f93f4f0ff4550a0e4feea90e6eaa02ba2264201f1e5241f4f
    Size: 3.07 MB

Asianux Server 7 for x86_64
  1. rh-varnish6-varnish-6.0.8-2.el7.1.x86_64.rpm
    MD5: 6f92f139aa8e8ff103be7660ff514ad2
    SHA-256: 0a4a277c79fafcd761b4cd1ecee36e2abe9326079a72fe1adeda7631d36b245a
    Size: 2.03 MB
  2. rh-varnish6-varnish-devel-6.0.8-2.el7.1.x86_64.rpm
    MD5: c1db1772aa72e05d449b691422f2bd7a
    SHA-256: 19abfedc75affc272349c9f74c21a66f3ca4c5e3c33948e42c96074e10aefd4c
    Size: 137.32 kB
  3. rh-varnish6-varnish-libs-6.0.8-2.el7.1.x86_64.rpm
    MD5: 08185ce8e42d3fbdfaf5383fa1754f3f
    SHA-256: 5f6d7fdeec1d52d4bf54a80aa3a49520b0fe71de6d634307a55b31eff370438d
    Size: 383.55 kB
Copyright 2007-2022 Cybertrust Japan Co., Ltd. All rights reserved.