ELSA-2024-1691

ELSA-2024-1691 - varnish security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2024-04-09

Description


[6.6.2-4.1]
- Resolves: RHEL-30387 - varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)

[6.6.2-4]
- Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487
- Resolves: RHEL-12817


Related CVEs


CVE-2024-30156

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | varnish-6.6.2-4.el9_3.1.src.rpm | b4f942af05227e5659f3358795c3a76b | - | ol9_aarch64_appstream |
| | varnish-6.6.2-4.el9_3.1.src.rpm | b4f942af05227e5659f3358795c3a76b | - | ol9_aarch64_codeready_builder |
| | varnish-6.6.2-4.el9_3.1.aarch64.rpm | 3084f665b8db4361a333359abeb76d5e | - | ol9_aarch64_appstream |
| | varnish-devel-6.6.2-4.el9_3.1.aarch64.rpm | e78fa7a62a698ad1e7ca76335ef669d9 | - | ol9_aarch64_codeready_builder |
| | varnish-docs-6.6.2-4.el9_3.1.aarch64.rpm | fd62dcbc06be011acbc6c83467367932 | - | ol9_aarch64_appstream |
| Oracle Linux 9 (x86_64) | varnish-6.6.2-4.el9_3.1.src.rpm | b4f942af05227e5659f3358795c3a76b | - | ol9_x86_64_appstream |
| | varnish-6.6.2-4.el9_3.1.src.rpm | b4f942af05227e5659f3358795c3a76b | - | ol9_x86_64_codeready_builder |
| | varnish-6.6.2-4.el9_3.1.i686.rpm | 9f623213fe43bb3d573787f021f838eb | - | ol9_x86_64_appstream |
| | varnish-6.6.2-4.el9_3.1.x86_64.rpm | c294632d91fd94f8fc13ecf651a8433c | - | ol9_x86_64_appstream |
| | varnish-devel-6.6.2-4.el9_3.1.i686.rpm | c3a3fbb66bddb38e929ef9c4095f04d4 | - | ol9_x86_64_codeready_builder |
| | varnish-devel-6.6.2-4.el9_3.1.x86_64.rpm | d3fadf9af642e58e74aae492dc79aae0 | - | ol9_x86_64_codeready_builder |
| | varnish-docs-6.6.2-4.el9_3.1.x86_64.rpm | 3101e1cd14744442f4de35fb382c6d46 | - | ol9_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.