Important: varnish security update

2024-04-0800:00:00

errata.almalinux.org

varnish cache

http accelerator

security fix

http/2 broken window attack

denial of service

cve-2024-30156

references

unix

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.7%

JSON

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don’t have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8x86_64varnish< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1varnish-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.x86_64.rpm
almalinux8x86_64varnish-docs< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1varnish-docs-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.x86_64.rpm
almalinux8x86_64varnish-devel< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1varnish-devel-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.x86_64.rpm
almalinux8x86_64varnish-modules< 0.15.0-6.module_el8.5.0+2620+03a0c2ccPackages/varnish-modules-0.15.0-6.module_el8.5.0+2620+03a0c2cc.x86_64.rpm
almalinux8aarch64varnish-modules< 0.15.0-6.module_el8.5.0+2620+03a0c2ccPackages/varnish-modules-0.15.0-6.module_el8.5.0+2620+03a0c2cc.aarch64.rpm
almalinux8aarch64varnish< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1varnish-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.aarch64.rpm
almalinux8aarch64varnish-devel< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1varnish-devel-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.aarch64.rpm
almalinux8aarch64varnish-docs< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1varnish-docs-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.aarch64.rpm
almalinux8ppc64levarnish-docs< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1varnish-docs-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.ppc64le.rpm
almalinux8ppc64levarnish< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1varnish-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	x86_64	varnish	< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1	varnish-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.x86_64.rpm
almalinux	8	x86_64	varnish-docs	< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1	varnish-docs-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.x86_64.rpm
almalinux	8	x86_64	varnish-devel	< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1	varnish-devel-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.x86_64.rpm
almalinux	8	x86_64	varnish-modules	< 0.15.0-6.module_el8.5.0+2620+03a0c2cc	Packages/varnish-modules-0.15.0-6.module_el8.5.0+2620+03a0c2cc.x86_64.rpm
almalinux	8	aarch64	varnish-modules	< 0.15.0-6.module_el8.5.0+2620+03a0c2cc	Packages/varnish-modules-0.15.0-6.module_el8.5.0+2620+03a0c2cc.aarch64.rpm
almalinux	8	aarch64	varnish	< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1	varnish-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.aarch64.rpm
almalinux	8	aarch64	varnish-devel	< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1	varnish-devel-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.aarch64.rpm
almalinux	8	aarch64	varnish-docs	< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1	varnish-docs-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.aarch64.rpm
almalinux	8	ppc64le	varnish-docs	< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1	varnish-docs-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.ppc64le.rpm
almalinux	8	ppc64le	varnish	< 6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1	varnish-6.0.13-1.module_el8.9.0+3786+e8a73bbf.alma.1.ppc64le.rpm