Описание
ELSA-2022-0418: varnish:6 security update (IMPORTANT)
varnish [6.0.8-1.1]
- Resolves: #2047648 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request Smuggling Vulnerability
varnish-modules [0.15.0-6]
- Related: #1982862 - rebuild for new varnish version
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module varnish:6 is enabled
varnish
6.0.8-1.module+el8.5.0+20491+1af4e193.1
varnish-devel
6.0.8-1.module+el8.5.0+20491+1af4e193.1
varnish-docs
6.0.8-1.module+el8.5.0+20491+1af4e193.1
varnish-modules
0.15.0-6.module+el8.5.0+20320+0b4af72d
Oracle Linux x86_64
Module varnish:6 is enabled
varnish
6.0.8-1.module+el8.5.0+20491+1af4e193.1
varnish-devel
6.0.8-1.module+el8.5.0+20491+1af4e193.1
varnish-docs
6.0.8-1.module+el8.5.0+20491+1af4e193.1
varnish-modules
0.15.0-6.module+el8.5.0+20320+0b4af72d
Связанные CVE
Связанные уязвимости
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 ...
