varnish:6 security update
Errata ID: AXSA:2022-4527:01
Release date:
2022/12/27 Tuesday - 01:52
Title:
varnish:6 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The following issue has been addressed.
[Security Fix]
- Varnish can issue invalid HTTP/1 requests to backend servers.
A remote attacker can insert characters into HTTP/2 pseudo-headers
that are invalid in the context of an HTTP/1 request,
which allows an HTTP request forgery attack.
(CVE-2022-45060)
Modularity name: varnish
Stream name: 6
Solution:
Update the packages.
CVE:
CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.
Additional information:
N/A
Downloads:
SRPMS
- varnish-modules-0.15.0-6.module+el8+1576+d489c25e.src.rpm
MD5: 968f50a02b738186398e2f37d6b77d94
SHA-256: 545d7b37d612a06cddb82e4bf628a68b58221b2ffce2db7fcdb42846fcac1e3a
Size: 431.38 kB
- varnish-6.0.8-2.module+el8+1576+d489c25e.1.src.rpm
MD5: 8b2c468ef4af845d940d260930f5cad6
SHA-256: d7bdcf3bbd157caa49ce71ea18be7303ad9f74171769df601f0cf98995fb7daa
Size: 3.07 MB
Asianux Server 8 for x86_64
- varnish-modules-0.15.0-6.module+el8+1576+d489c25e.x86_64.rpm
MD5: 59038907babb933a4dde75f160d986b0
SHA-256: d5b6316cfd26c7c717373eae137dfc579f6dd3efe4821d244af9215b20d676ae
Size: 81.62 kB
- varnish-modules-debugsource-0.15.0-6.module+el8+1576+d489c25e.x86_64.rpm
MD5: c52a3cfc99112a3e0d0eb7a6447fb3b2
SHA-256: 7c94043f85bc403dfa864428f5848fb5c4e398477916683829015fd219d926d8
Size: 31.64 kB
- varnish-6.0.8-2.module+el8+1576+d489c25e.1.x86_64.rpm
MD5: 5c9555e61b7734d8c581c2e69fbede90
SHA-256: 9e752c087b3451779749bdbc002f49aa5255b6e30e129fbf17902b2e9b2cc5f8
Size: 0.95 MB
- varnish-devel-6.0.8-2.module+el8+1576+d489c25e.1.x86_64.rpm
MD5: 381a3b45b09b6ffb9b531e149936f84c
SHA-256: 5f3b40646178a13a8df7a3aae60a6c16962082a4aee19602c23ec0f14776c99f
Size: 131.13 kB
- varnish-docs-6.0.8-2.module+el8+1576+d489c25e.1.x86_64.rpm
MD5: f5f3772920ee73176b59f72cabf1695f
SHA-256: e3c2b38f44f8b9678252021515221083a3951fc187a62d8629513362bcc36d93
Size: 633.74 kB