
exploitDog


ELSA-2021-2988

Published: 03 Aug 2021
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2021-2988: varnish:6 security update (IMPORTANT)

varnish [6.0.6-2.1]

  • Resolves: #1982861 - CVE-2021-36740 varnish:6/varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request

varnish-modules [0.15.0-5]

  • Related: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS

Updated packages

Oracle Linux 8

Oracle Linux aarch64

Module varnish:6 is enabled

  • varnish: 6.0.6-2.module+el8.4.0+20258+f99218b2.1
  • varnish-devel: 6.0.6-2.module+el8.4.0+20258+f99218b2.1
  • varnish-docs: 6.0.6-2.module+el8.4.0+20258+f99218b2.1
  • varnish-modules: 0.15.0-5.module+el8.3.0+7653+45014445

Oracle Linux x86_64

Module varnish:6 is enabled

  • varnish: 6.0.6-2.module+el8.4.0+20258+f99218b2.1
  • varnish-devel: 6.0.6-2.module+el8.4.0+20258+f99218b2.1
  • varnish-docs: 6.0.6-2.module+el8.4.0+20258+f99218b2.1
  • varnish-modules: 0.15.0-5.module+el8.3.0+7653+45014445

Related CVEs

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 4 years ago

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

CVSS3: 8.1
redhat
more than 4 years ago

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

CVSS3: 6.5
nvd
more than 4 years ago

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

CVSS3: 6.5
debian
more than 4 years ago

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL a ...

rocky
more than 4 years ago

Important: varnish:6 security update