Описание
ELSA-2024-1691: varnish security update (IMPORTANT)
[6.6.2-4.1]
- Resolves: RHEL-30387 - varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
[6.6.2-4]
- Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487
- Resolves: RHEL-12817
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
varnish
6.6.2-4.el9_3.1
varnish-devel
6.6.2-4.el9_3.1
varnish-docs
6.6.2-4.el9_3.1
Oracle Linux x86_64
varnish
6.6.2-4.el9_3.1
varnish-devel
6.6.2-4.el9_3.1
varnish-docs
6.6.2-4.el9_3.1
Связанные CVE
Связанные уязвимости
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 L ...
