Описание
ELSA-2025-8336: varnish:6 security update (IMPORTANT)
varnish [6.0.13-1.1]
- Resolves: RHEL-89695 - varnish: request smuggling attacks (CVE-2025-47905)
varnish-modules
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module varnish:6 is enabled
varnish
6.0.13-1.module+el8.10.0+90594+95ad0b53.1
varnish-devel
6.0.13-1.module+el8.10.0+90594+95ad0b53.1
varnish-docs
6.0.13-1.module+el8.10.0+90594+95ad0b53.1
varnish-modules
0.15.0-6.module+el8.10.0+90594+95ad0b53
Oracle Linux x86_64
Module varnish:6 is enabled
varnish
6.0.13-1.module+el8.10.0+90594+95ad0b53.1
varnish-devel
6.0.13-1.module+el8.10.0+90594+95ad0b53.1
varnish-docs
6.0.13-1.module+el8.10.0+90594+95ad0b53.1
varnish-modules
0.15.0-6.module+el8.10.0+90594+95ad0b53
Связанные CVE
Связанные уязвимости
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterpris ...
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.