Описание
ELSA-2025-8337: varnish security update (IMPORTANT)
[6.6.2-6.1]
- Resolves: RHEL-89700 - varnish: request smuggling attacks (CVE-2025-47905)
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
varnish
6.6.2-6.el9_6.1
varnish-devel
6.6.2-6.el9_6.1
varnish-docs
6.6.2-6.el9_6.1
Oracle Linux x86_64
varnish
6.6.2-6.el9_6.1
varnish-devel
6.6.2-6.el9_6.1
varnish-docs
6.6.2-6.el9_6.1
Связанные CVE
Связанные уязвимости
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterpris ...
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.