[ALSA-2025:8550] Important: varnish security update
Type:
security
Severity:
important
Release date:
2025-06-06
Description:
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): * varnish: request smuggling attacks (CVE-2025-47905) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 varnish-docs-7.6.1-2.el10_0.1.aarch64.rpm 72639ec60e34ab577bde621d7dafc58e22b37abe31479eeaa2f58617caff1f21
aarch64 varnish-7.6.1-2.el10_0.1.aarch64.rpm d566894491afd8e7721de8c9228f63ff23c982039919389fac60c02e62a0a03e
aarch64 varnish-devel-7.6.1-2.el10_0.1.aarch64.rpm f835166d0555601c16ddf945adb77c9bae282d2aa65ccfafe8e4e71e87bb0ded
ppc64le varnish-devel-7.6.1-2.el10_0.1.ppc64le.rpm 9300c557d0f1c3f24612ce4eb7b6a5e9068ea5078d71e05c6af313aefe3895ab
ppc64le varnish-7.6.1-2.el10_0.1.ppc64le.rpm 946123b70ab4cc0718ed83aa0e1cdb9feaf80370d754c50a39b1746c81a9c40f
ppc64le varnish-docs-7.6.1-2.el10_0.1.ppc64le.rpm c24847f9c93815bbcd89193b6eba9d11cd099fa891d7ed0683ea807f410fca3d
s390x varnish-7.6.1-2.el10_0.1.s390x.rpm 62269b0d17ef4f14d30bb9413169e964ad0267dc8f576bcea950645561c23b8e
s390x varnish-docs-7.6.1-2.el10_0.1.s390x.rpm 8c4e27b60dc96ec4d8820e2aa4bff97da95f6168459315157f022de82d3c3457
s390x varnish-devel-7.6.1-2.el10_0.1.s390x.rpm b1ae1019a7c87b1ca9281d7117fcdd504e514923d09acf8d6fb428ed6ee53eac
x86_64 varnish-devel-7.6.1-2.el10_0.1.x86_64.rpm 872c1c2558d4a76094f2796033798c0b718fc107f89b41b6c156e6aab2ffb280
x86_64 varnish-7.6.1-2.el10_0.1.x86_64.rpm ae31d92e8f072ed3c99820c37806b4195fb2c746527f92575d258b92d5581eff
x86_64 varnish-docs-7.6.1-2.el10_0.1.x86_64.rpm f47fbc964ca1e0488154703628e92c24ecaa840d6ff90397204145b8d9191312
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.