Описание
ELSA-2024-1690: varnish security update (IMPORTANT)
varnish [6.0.13-1]
- new version 6.0.13
- Resolves: RHEL-30378 - varnish:6/varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
varnish-modules
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module varnish:6 is enabled
varnish
6.0.13-1.module+el8.9.0+90264+d552af1c
varnish-devel
6.0.13-1.module+el8.9.0+90264+d552af1c
varnish-docs
6.0.13-1.module+el8.9.0+90264+d552af1c
varnish-modules
0.15.0-6.module+el8.9.0+90264+d552af1c
Oracle Linux x86_64
Module varnish:6 is enabled
varnish
6.0.13-1.module+el8.9.0+90264+d552af1c
varnish-devel
6.0.13-1.module+el8.9.0+90264+d552af1c
varnish-docs
6.0.13-1.module+el8.9.0+90264+d552af1c
varnish-modules
0.15.0-6.module+el8.9.0+90264+d552af1c
Связанные CVE
Связанные уязвимости
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 L ...
