ELSA-2024-1691

ELSA-2024-1691 - varnish security update

Type: SECURITY
Impact: IMPORTANT
Release Date: 2024-04-09

Description


[6.6.2-4.1]
- Resolves: RHEL-30387 - varnish: HTTP/2 Broken Window Attack may result
in denial of service (CVE-2024-30156)

[6.6.2-4]
- Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487
- Resolves: RHEL-12817


Related CVEs


CVE-2024-30156

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | varnish-6.6.2-4.el9_3.1.src.rpm | 8eeb36b7b57f9afc65f49626c0c820ade038351bb093d71340a2e784983af33a | - | ol9_aarch64_appstream |
| | varnish-6.6.2-4.el9_3.1.src.rpm | 8eeb36b7b57f9afc65f49626c0c820ade038351bb093d71340a2e784983af33a | - | ol9_aarch64_codeready_builder |
| | varnish-6.6.2-4.el9_3.1.aarch64.rpm | d021988c27259a501fe76fc6db6d12d7a07752bdbaa7b26487c759931133d5d0 | - | ol9_aarch64_appstream |
| | varnish-devel-6.6.2-4.el9_3.1.aarch64.rpm | 16a0487e4c99e742fabc775b9374f2025d7290d31ff5c89cf05a38396a1b7c1b | - | ol9_aarch64_codeready_builder |
| | varnish-docs-6.6.2-4.el9_3.1.aarch64.rpm | 2f51fc4813a6d9c49c605e04c9e5e6f968c8b457355f28f2b80087d7bb53847b | - | ol9_aarch64_appstream |
| Oracle Linux 9 (x86_64) | varnish-6.6.2-4.el9_3.1.src.rpm | 8eeb36b7b57f9afc65f49626c0c820ade038351bb093d71340a2e784983af33a | - | ol9_x86_64_appstream |
| | varnish-6.6.2-4.el9_3.1.src.rpm | 8eeb36b7b57f9afc65f49626c0c820ade038351bb093d71340a2e784983af33a | - | ol9_x86_64_codeready_builder |
| | varnish-6.6.2-4.el9_3.1.i686.rpm | 638f57687ea8b6f505077cebecbd11d8a9d80ce6df20a68a1860231f5800c769 | - | ol9_x86_64_appstream |
| | varnish-6.6.2-4.el9_3.1.x86_64.rpm | 2cac74793b1627ea475703a625950a57693b4fddbeea1ccee7e2706a7d45c327 | - | ol9_x86_64_appstream |
| | varnish-devel-6.6.2-4.el9_3.1.i686.rpm | f87e0b75c5b06b143ef713f7aceeb077f7117df12a5996678cc1e7086106ff3c | - | ol9_x86_64_codeready_builder |
| | varnish-devel-6.6.2-4.el9_3.1.x86_64.rpm | ff408a695e04a432ab4f59554af4d061e5f2f5373f87e604d751809eba8395a8 | - | ol9_x86_64_codeready_builder |
| | varnish-docs-6.6.2-4.el9_3.1.x86_64.rpm | fa04207c3e8a6770524f1d66138d8d7f5c6bd545e57d036c73d7cfe2503f30f6 | - | ol9_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
