ELSA-2024-1691

ULN >
Oracle Linux Errata repository >
ELSA-2024-1691

ELSA-2024-1691 - varnish security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2024-04-09

Description

[6.6.2-4.1]
- Resolves: RHEL-30387 - varnish: HTTP/2 Broken Window Attack may result
in denial of service (CVE-2024-30156)

[6.6.2-4]
- Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487
- Resolves: RHEL-12817

Related CVEs

CVE-2024-30156

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	varnish-6.6.2-4.el9_3.1.src.rpm	8eeb36b7b57f9afc65f49626c0c820ade038351bb093d71340a2e784983af33a	-	ol9_aarch64_appstream
	varnish-6.6.2-4.el9_3.1.src.rpm	8eeb36b7b57f9afc65f49626c0c820ade038351bb093d71340a2e784983af33a	-	ol9_aarch64_codeready_builder
	varnish-6.6.2-4.el9_3.1.aarch64.rpm	d021988c27259a501fe76fc6db6d12d7a07752bdbaa7b26487c759931133d5d0	-	ol9_aarch64_appstream
	varnish-devel-6.6.2-4.el9_3.1.aarch64.rpm	16a0487e4c99e742fabc775b9374f2025d7290d31ff5c89cf05a38396a1b7c1b	-	ol9_aarch64_codeready_builder
	varnish-docs-6.6.2-4.el9_3.1.aarch64.rpm	2f51fc4813a6d9c49c605e04c9e5e6f968c8b457355f28f2b80087d7bb53847b	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	varnish-6.6.2-4.el9_3.1.src.rpm	8eeb36b7b57f9afc65f49626c0c820ade038351bb093d71340a2e784983af33a	-	ol9_x86_64_appstream
	varnish-6.6.2-4.el9_3.1.src.rpm	8eeb36b7b57f9afc65f49626c0c820ade038351bb093d71340a2e784983af33a	-	ol9_x86_64_codeready_builder
	varnish-6.6.2-4.el9_3.1.i686.rpm	638f57687ea8b6f505077cebecbd11d8a9d80ce6df20a68a1860231f5800c769	-	ol9_x86_64_appstream
	varnish-6.6.2-4.el9_3.1.x86_64.rpm	2cac74793b1627ea475703a625950a57693b4fddbeea1ccee7e2706a7d45c327	-	ol9_x86_64_appstream
	varnish-devel-6.6.2-4.el9_3.1.i686.rpm	f87e0b75c5b06b143ef713f7aceeb077f7117df12a5996678cc1e7086106ff3c	-	ol9_x86_64_codeready_builder
	varnish-devel-6.6.2-4.el9_3.1.x86_64.rpm	ff408a695e04a432ab4f59554af4d061e5f2f5373f87e604d751809eba8395a8	-	ol9_x86_64_codeready_builder
	varnish-docs-6.6.2-4.el9_3.1.x86_64.rpm	fa04207c3e8a6770524f1d66138d8d7f5c6bd545e57d036c73d7cfe2503f30f6	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691