ALSA-2023:5989

[ALSA-2023:5989] Important: varnish security update

Type:

security

Severity:

important

Release date:

2023-10-25

Description:

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	varnish-modules-0.15.0-6.module_el8.5.0+2620+03a0c2cc.aarch64.rpm	05cbad74192ade6ad5372b3c2a7fa6605599b836ebe6eb13155d5b6cf31661ef
aarch64	varnish-6.0.8-3.module_el8.8.0+3665+0b8dabc5.1.alma.1.aarch64.rpm	241f6d371308489076dd573135ccf806f45393e6b55cf16aa68e5aca14352e94
aarch64	varnish-devel-6.0.8-3.module_el8.8.0+3665+0b8dabc5.1.alma.1.aarch64.rpm	78eebf4e8175c6b32ea29ff7ac9373e6987edb898dc5cec6c6ba0f15eef3cb90
aarch64	varnish-docs-6.0.8-3.module_el8.8.0+3665+0b8dabc5.1.alma.1.aarch64.rpm	af97052bb327b6fc0cb71ff3a6189e1ec78befc347a51a5331f807f6b6faf5a2
ppc64le	varnish-devel-6.0.8-3.module_el8.8.0+3665+0b8dabc5.1.alma.1.ppc64le.rpm	1adbd4d73d45277f0b6ced22bcba522d10508f858aeb1e53a1fcd6dd49f93830
ppc64le	varnish-docs-6.0.8-3.module_el8.8.0+3665+0b8dabc5.1.alma.1.ppc64le.rpm	39adeb271e2eedd4b50f05458a8102d1bbd530a1d19a9c0b378a73acec4a2246
ppc64le	varnish-6.0.8-3.module_el8.8.0+3665+0b8dabc5.1.alma.1.ppc64le.rpm	46db78863e8a9dcf1dedeb9610062d2fc025bd071ce58af0c1d857f75d5565ba
ppc64le	varnish-modules-0.15.0-6.module_el8.5.0+76+a10ffa55.ppc64le.rpm	de1f5422f92056ada37c2bfa75ad55a3aa44fe2f7a44f79ab9c43a70ab16cd22
s390x	varnish-6.0.8-3.module_el8.8.0+3665+0b8dabc5.1.alma.1.s390x.rpm	82754d18c975aa479eaf39059cfb55a388f9eed2c33404a5f4a884fb6d67788d
s390x	varnish-devel-6.0.8-3.module_el8.8.0+3665+0b8dabc5.1.alma.1.s390x.rpm	d64f4924838ce33e038dc6d68a68cc4bfd6236c11cdc77e0ab85361a502e7ef2
s390x	varnish-modules-0.15.0-6.module_el8.6.0+3089+dac88e97.s390x.rpm	f87b7bda5607c3d394f1298c744e857d5fa547aa968815ad8846b1da44910b24
s390x	varnish-docs-6.0.8-3.module_el8.8.0+3665+0b8dabc5.1.alma.1.s390x.rpm	fed82212378de2346b0b92718f3802eb54206f6d0290f5cd45cdaaa3005064ac
x86_64	varnish-6.0.8-3.module_el8.8.0+3665+0b8dabc5.1.alma.1.x86_64.rpm	1ea761a6f0101212bd4434a8d662e166556bff69b9ff9bef73a1c155dee9a3b0
x86_64	varnish-devel-6.0.8-3.module_el8.8.0+3665+0b8dabc5.1.alma.1.x86_64.rpm	95618c5342b5487f59d92d6d776517d134a9bca37cc5105a6340d86786e31f85
x86_64	varnish-docs-6.0.8-3.module_el8.8.0+3665+0b8dabc5.1.alma.1.x86_64.rpm	ab24b5d81210eef4ec90fa544af0868dc17b79cc3557ad1e462350f5ad6292d2
x86_64	varnish-modules-0.15.0-6.module_el8.5.0+2620+03a0c2cc.x86_64.rpm	d14528a6c5a830869b9cbd412cf7f902c031ee49f71e422df6dc81124b0f3440

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.