(RHSA-2024:3426) Important: varnish:6 security update

2024-05-2813:07:49

access.redhat.com

varnish cache

http accelerator

denial of service

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Varnish Cache is a high-performance HTTP accelerator. It stores web pages
in memory so web servers don’t have to create the same web page over and over
again, giving the website a significant speed up.

Security Fix(es):

varnish:6: HTTP/2 Broken Window Attack may result in denial of service
(CVE-2024-30156)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyppc64levarnish-devel< 6.0.8-2.module+el8.6.0+21852+17475f6a.3varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le.rpm
RedHatanys390xvarnish-docs< 6.0.8-2.module+el8.6.0+21852+17475f6a.3varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x.rpm
RedHatanyppc64levarnish-docs< 6.0.8-2.module+el8.6.0+21852+17475f6a.3varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le.rpm
RedHatanyppc64levarnish-modules-debuginfo< 0.15.0-6.module+el8.5.0+11976+0b4af72dvarnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm
RedHatanyaarch64varnish< 6.0.8-2.module+el8.6.0+21852+17475f6a.3varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64.rpm
RedHatanys390xvarnish-devel< 6.0.8-2.module+el8.6.0+21852+17475f6a.3varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x.rpm
RedHatanys390xvarnish-modules-debuginfo< 0.15.0-6.module+el8.5.0+11976+0b4af72dvarnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x.rpm
RedHatanyppc64levarnish< 6.0.8-2.module+el8.6.0+21852+17475f6a.3varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le.rpm
RedHatanyppc64levarnish-modules< 0.15.0-6.module+el8.5.0+11976+0b4af72dvarnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm
RedHatanyppc64levarnish-modules-debugsource< 0.15.0-6.module+el8.5.0+11976+0b4af72dvarnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	ppc64le	varnish-devel	< 6.0.8-2.module+el8.6.0+21852+17475f6a.3	varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le.rpm
RedHat	any	s390x	varnish-docs	< 6.0.8-2.module+el8.6.0+21852+17475f6a.3	varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x.rpm
RedHat	any	ppc64le	varnish-docs	< 6.0.8-2.module+el8.6.0+21852+17475f6a.3	varnish-docs-6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le.rpm
RedHat	any	ppc64le	varnish-modules-debuginfo	< 0.15.0-6.module+el8.5.0+11976+0b4af72d	varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm
RedHat	any	aarch64	varnish	< 6.0.8-2.module+el8.6.0+21852+17475f6a.3	varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.aarch64.rpm
RedHat	any	s390x	varnish-devel	< 6.0.8-2.module+el8.6.0+21852+17475f6a.3	varnish-devel-6.0.8-2.module+el8.6.0+21852+17475f6a.3.s390x.rpm
RedHat	any	s390x	varnish-modules-debuginfo	< 0.15.0-6.module+el8.5.0+11976+0b4af72d	varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x.rpm
RedHat	any	ppc64le	varnish	< 6.0.8-2.module+el8.6.0+21852+17475f6a.3	varnish-6.0.8-2.module+el8.6.0+21852+17475f6a.3.ppc64le.rpm
RedHat	any	ppc64le	varnish-modules	< 0.15.0-6.module+el8.5.0+11976+0b4af72d	varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm
RedHat	any	ppc64le	varnish-modules-debugsource	< 0.15.0-6.module+el8.5.0+11976+0b4af72d	varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm