RHSA-2022:0418: Red Hat Security Advisory: varnish:6 security update

Skip to navigation Skip to main content

Utilities

• Subscriptions
• Downloads
• Containers
• Support Cases

Infrastructure and Management

• Red Hat Enterprise Linux
• Red Hat Virtualization
• Red Hat Identity Management
• Red Hat Directory Server
• Red Hat Certificate System
• Red Hat Satellite
• Red Hat Subscription Management
• Red Hat Update Infrastructure
• Red Hat Insights
• Red Hat Ansible Automation Platform

Cloud Computing

• Red Hat OpenShift
• Red Hat CloudForms
• Red Hat OpenStack Platform
• Red Hat OpenShift Container Platform
• Red Hat OpenShift Data Science
• Red Hat OpenShift Online
• Red Hat OpenShift Dedicated
• Red Hat Advanced Cluster Security for Kubernetes
• Red Hat Advanced Cluster Management for Kubernetes
• Red Hat Quay
• Red Hat CodeReady Workspaces
• Red Hat OpenShift Service on AWS

Storage

• Red Hat Gluster Storage
• Red Hat Hyperconverged Infrastructure
• Red Hat Ceph Storage
• Red Hat OpenShift Data Foundation

Runtimes

• Red Hat Runtimes
• Red Hat JBoss Enterprise Application Platform
• Red Hat Data Grid
• Red Hat JBoss Web Server
• Red Hat Single Sign On
• Red Hat support for Spring Boot
• Red Hat build of Node.js
• Red Hat build of Thorntail
• Red Hat build of Eclipse Vert.x
• Red Hat build of OpenJDK
• Red Hat build of Quarkus
• Red Hat CodeReady Studio

Integration and Automation

• Red Hat Process Automation
• Red Hat Process Automation Manager
• Red Hat Decision Manager

All Products

Issued:

2022-02-03

Updated:

2022-02-03

RHSA-2022:0418 - Security Advisory

• Overview
• Updated Packages

Synopsis

Important: varnish:6 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don’t have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

• varnish: HTTP/1 request smuggling vulnerability (CVE-2022-23959)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

• BZ - 2045031 - CVE-2022-23959 varnish: HTTP/1 request smuggling vulnerability

Red Hat Enterprise Linux for x86_64 8

SRPM

varnish-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.src.rpm

SHA-256: 4ea45960c6f535a1a65d060a31f133512f2a53117c5cef928e182f4705f2a4ff

varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm

SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c

x86_64

varnish-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.x86_64.rpm

SHA-256: c392ca762a1380071f462d909c244f893aa26e460495eb45d84d34b906092401

varnish-devel-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.x86_64.rpm

SHA-256: da99019ec2273d13651fe411f277e76a53b6117843ee49900fa0c92660cf104a

varnish-docs-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.x86_64.rpm

SHA-256: 1a1dd405f60fd07ec559042253f7a0f21e40f5ab7cddb1650cdba51cc7f30b98

varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm

SHA-256: 221f156f879f6969b2af2f2ccccba211ceb121381d01ac5409e6a7da963d6bfb

varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm

SHA-256: 36af9dc02305d588e625d62a337c3a461722cd7205496ec3335589b20482ecc1

varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm

SHA-256: 31eae30e8f83b9332500cbb394b84dce0ff9eea218040b7e76f157d24a2a7a71

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

varnish-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.src.rpm

SHA-256: 4ea45960c6f535a1a65d060a31f133512f2a53117c5cef928e182f4705f2a4ff

varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm

SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c

s390x

varnish-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.s390x.rpm

SHA-256: cb3dc89c1a4ea132c755dbf46818ea07b4240351e9b573ace19ec60cc662bd3e

varnish-devel-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.s390x.rpm

SHA-256: 246c9664dbc227e0cf50be44f127a79617568bde2f3e4d16db07c42730a8e194

varnish-docs-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.s390x.rpm

SHA-256: 60d483face36222eb1c525727d064822555e9496fa06e5e94dc9b186f77291c7

varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x.rpm

SHA-256: 8166d71b6b85155f105a10550f19e93b96c377e2f613f4c4c26e9a6758773512

varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x.rpm

SHA-256: 0f4a76a6f8c26c1128375e361cb97d2c886ade9bd6eb6d2da780b3e6f72fd64c

varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x.rpm

SHA-256: 1118d2b495c331ac4a89d807e4278185625aa4fabff1efb6526678418e40ce3b

Red Hat Enterprise Linux for Power, little endian 8

SRPM

varnish-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.src.rpm

SHA-256: 4ea45960c6f535a1a65d060a31f133512f2a53117c5cef928e182f4705f2a4ff

varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm

SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c

ppc64le

varnish-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.ppc64le.rpm

SHA-256: 0d3ae821437db04f1adfc03d725dcca733d7e0b4893457dc91bf414f4326505d

varnish-devel-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.ppc64le.rpm

SHA-256: 469eee864f38ef468dc80bf07c2447cb4fe2d7c2dda19f78fa5eac628a896801

varnish-docs-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.ppc64le.rpm

SHA-256: f58d54c136a4f15536ab4b03823d2ea526d47a0929c3ba5ad1e6cd5ae1377cce

varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm

SHA-256: 5aa000a67dbaea78f3c7e06e3e47cb6d5ed27466e64e7cbd6e375d4ac30f5dc4

varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm

SHA-256: e4cffa9afc9e318c18dcca237772c2237c8b08717ab56dda529d94d1772abafc

varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm

SHA-256: 6535f94cd88b59b197081f74ea87859289d8bccb40be675493ad61a79d21214a

Red Hat Enterprise Linux for ARM 64 8

SRPM

varnish-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.src.rpm

SHA-256: 4ea45960c6f535a1a65d060a31f133512f2a53117c5cef928e182f4705f2a4ff

varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm

SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c

aarch64

varnish-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.aarch64.rpm

SHA-256: 07a8b5c43e8c88c58f1f905e31301fe66760dcc7cb8282b29cfceb2e679491bf

varnish-devel-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.aarch64.rpm

SHA-256: 162233d87e82d40c3570f0469042d7c0bf7eef1737675e10823201da3021a641

varnish-docs-6.0.8-1.module+el8.5.0+14089+03a0c2cc.1.aarch64.rpm

SHA-256: 37af94dfcd63841754c416993796c2c7e6ebf2f604e2173e81fe03e3e08d135a

varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64.rpm

SHA-256: e882c7096da09ad91dfd556cd565f38e0d35023f5aa0a5233da682fa54df8cf0

varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64.rpm

SHA-256: 4278121d0b416246faf799277094abd997146e564413376c11a5893b68a33f33

varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64.rpm

SHA-256: a91b9c71657c6474f52e2dd3e4a573d3d8b999b7b0e2135e4febe56db54a7c4a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.