Headline
RHSA-2022:0422: Red Hat Security Advisory: varnish:6 security update
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-23959: varnish: HTTP/1 request smuggling vulnerability
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-02-03
Updated:
2022-02-03
RHSA-2022:0422 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: varnish:6 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don’t have to create the same web page over and over again, giving the website a significant speed up.
Security Fix(es):
- varnish: HTTP/1 request smuggling vulnerability (CVE-2022-23959)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2045031 - CVE-2022-23959 varnish: HTTP/1 request smuggling vulnerability
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4
SRPM
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.src.rpm
SHA-256: 248de343fd31d79e55a591d72ecdc4c141d714b66afc2dfd6656ebd325f5baa3
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm
SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
x86_64
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.x86_64.rpm
SHA-256: f1ecbbbe47fe241302734a6bb6c099249c1f8624acf31eb4e42ca75a02c2f22c
varnish-devel-6.0.6-2.module+el8.4.0+14090+331e4860.2.x86_64.rpm
SHA-256: 05a2b5cbbc775fc46a9dee5a30ca93606b3fffdca67b4788efac818991b14a60
varnish-docs-6.0.6-2.module+el8.4.0+14090+331e4860.2.x86_64.rpm
SHA-256: 6db4d4d674867961710b4846c511945657bd9f2c93735ff59cb789a23e821a10
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm
SHA-256: 920ed07b7c2c15cf5d3e381e340fc2cd5e0021fe4766833033877a9f68f35ab0
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm
SHA-256: 90ca3131462169fc8032b17f247172f9884af877acc046b1378a10bc9aad20cc
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm
SHA-256: 24e2c0f35c0d4f3cee3ebf383f6679c0cf441bc68e131c4450d856c87b4b8913
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.src.rpm
SHA-256: 248de343fd31d79e55a591d72ecdc4c141d714b66afc2dfd6656ebd325f5baa3
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm
SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
x86_64
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.x86_64.rpm
SHA-256: f1ecbbbe47fe241302734a6bb6c099249c1f8624acf31eb4e42ca75a02c2f22c
varnish-devel-6.0.6-2.module+el8.4.0+14090+331e4860.2.x86_64.rpm
SHA-256: 05a2b5cbbc775fc46a9dee5a30ca93606b3fffdca67b4788efac818991b14a60
varnish-docs-6.0.6-2.module+el8.4.0+14090+331e4860.2.x86_64.rpm
SHA-256: 6db4d4d674867961710b4846c511945657bd9f2c93735ff59cb789a23e821a10
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm
SHA-256: 920ed07b7c2c15cf5d3e381e340fc2cd5e0021fe4766833033877a9f68f35ab0
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm
SHA-256: 90ca3131462169fc8032b17f247172f9884af877acc046b1378a10bc9aad20cc
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm
SHA-256: 24e2c0f35c0d4f3cee3ebf383f6679c0cf441bc68e131c4450d856c87b4b8913
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4
SRPM
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.src.rpm
SHA-256: 248de343fd31d79e55a591d72ecdc4c141d714b66afc2dfd6656ebd325f5baa3
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm
SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
s390x
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.s390x.rpm
SHA-256: a717da41427d10a76111a7393fcecac5f1b6804f0061aa932fb6bbe25293c225
varnish-devel-6.0.6-2.module+el8.4.0+14090+331e4860.2.s390x.rpm
SHA-256: aede92715133914b16da287eef2a3e6b4ab41d4bec51ba337000c138bc8abb98
varnish-docs-6.0.6-2.module+el8.4.0+14090+331e4860.2.s390x.rpm
SHA-256: 2a6c3a6ec972c9350835f36cda6ec292d9d72e3c3e173a5c14c27fcbfed6db81
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.s390x.rpm
SHA-256: fda57aecdd7a98c814da3d45267cc31faf5583a79bd77f1f63d7fb81ce0e1305
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.s390x.rpm
SHA-256: f77c342aa51b60d07424cfa256965d10e2c098fd46899633c0b50a1352b74ff3
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.s390x.rpm
SHA-256: 9b23b45143e59025215fafd4af7e53c270c9b1d8f07421e15ced4ff333e964fe
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4
SRPM
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.src.rpm
SHA-256: 248de343fd31d79e55a591d72ecdc4c141d714b66afc2dfd6656ebd325f5baa3
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm
SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
ppc64le
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.ppc64le.rpm
SHA-256: 845ec7955d10395f0ad3a772d174e67ffbc559cb0483884ca0a1659eb8a456c3
varnish-devel-6.0.6-2.module+el8.4.0+14090+331e4860.2.ppc64le.rpm
SHA-256: dcb257aa8d2e9dd86cdd2eb7672738907e8321b3cf64de4739f63dd0691b21b1
varnish-docs-6.0.6-2.module+el8.4.0+14090+331e4860.2.ppc64le.rpm
SHA-256: fb6ba0d1e82542022d26316222ac2ccf2b8b925823a321a44fe599eb38044d33
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm
SHA-256: 4dc937261656c078b6e2d48e7832cbdbcc99f0a81a88ef1f40ed31262e913f81
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm
SHA-256: 261977ebd56c3a590669ab62136a0e3c63db106a9593d6c9c8cbcb4c86f20958
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm
SHA-256: cc85d7217f2ab315596aa177d4dbbdf7ae287710325bfbf3468a2e5625dead49
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.src.rpm
SHA-256: 248de343fd31d79e55a591d72ecdc4c141d714b66afc2dfd6656ebd325f5baa3
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm
SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
x86_64
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.x86_64.rpm
SHA-256: f1ecbbbe47fe241302734a6bb6c099249c1f8624acf31eb4e42ca75a02c2f22c
varnish-devel-6.0.6-2.module+el8.4.0+14090+331e4860.2.x86_64.rpm
SHA-256: 05a2b5cbbc775fc46a9dee5a30ca93606b3fffdca67b4788efac818991b14a60
varnish-docs-6.0.6-2.module+el8.4.0+14090+331e4860.2.x86_64.rpm
SHA-256: 6db4d4d674867961710b4846c511945657bd9f2c93735ff59cb789a23e821a10
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm
SHA-256: 920ed07b7c2c15cf5d3e381e340fc2cd5e0021fe4766833033877a9f68f35ab0
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm
SHA-256: 90ca3131462169fc8032b17f247172f9884af877acc046b1378a10bc9aad20cc
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm
SHA-256: 24e2c0f35c0d4f3cee3ebf383f6679c0cf441bc68e131c4450d856c87b4b8913
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4
SRPM
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.src.rpm
SHA-256: 248de343fd31d79e55a591d72ecdc4c141d714b66afc2dfd6656ebd325f5baa3
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm
SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
aarch64
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.aarch64.rpm
SHA-256: 81f03b07c2b972e46948e1bd2afcc400c54441c42e98eb0e89387369efec0d5b
varnish-devel-6.0.6-2.module+el8.4.0+14090+331e4860.2.aarch64.rpm
SHA-256: bf01f661782d9d8f073a903ebe7bbea20ed8c274c6400e66891804f99d813035
varnish-docs-6.0.6-2.module+el8.4.0+14090+331e4860.2.aarch64.rpm
SHA-256: 951a2cbde27339764fe9f3dc11ab2b5c25a48c6a403ea97a11ae68fc7bdb9796
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.aarch64.rpm
SHA-256: d5767fe5a233810c0504bc40ebdebe138e48032a78d122d87c572448a2c79e66
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.aarch64.rpm
SHA-256: fbad572dcfcefcf29ea11c06a7ea6c774ddd0cd0c87fbd83ff4064654a5ce64d
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.aarch64.rpm
SHA-256: d510dea616f8cb2ef714be13f52a5e9802bff79069ffa09b74e6f9336c6cdaab
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4
SRPM
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.src.rpm
SHA-256: 248de343fd31d79e55a591d72ecdc4c141d714b66afc2dfd6656ebd325f5baa3
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm
SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
ppc64le
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.ppc64le.rpm
SHA-256: 845ec7955d10395f0ad3a772d174e67ffbc559cb0483884ca0a1659eb8a456c3
varnish-devel-6.0.6-2.module+el8.4.0+14090+331e4860.2.ppc64le.rpm
SHA-256: dcb257aa8d2e9dd86cdd2eb7672738907e8321b3cf64de4739f63dd0691b21b1
varnish-docs-6.0.6-2.module+el8.4.0+14090+331e4860.2.ppc64le.rpm
SHA-256: fb6ba0d1e82542022d26316222ac2ccf2b8b925823a321a44fe599eb38044d33
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm
SHA-256: 4dc937261656c078b6e2d48e7832cbdbcc99f0a81a88ef1f40ed31262e913f81
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm
SHA-256: 261977ebd56c3a590669ab62136a0e3c63db106a9593d6c9c8cbcb4c86f20958
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm
SHA-256: cc85d7217f2ab315596aa177d4dbbdf7ae287710325bfbf3468a2e5625dead49
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4
SRPM
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.src.rpm
SHA-256: 248de343fd31d79e55a591d72ecdc4c141d714b66afc2dfd6656ebd325f5baa3
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm
SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb
x86_64
varnish-6.0.6-2.module+el8.4.0+14090+331e4860.2.x86_64.rpm
SHA-256: f1ecbbbe47fe241302734a6bb6c099249c1f8624acf31eb4e42ca75a02c2f22c
varnish-devel-6.0.6-2.module+el8.4.0+14090+331e4860.2.x86_64.rpm
SHA-256: 05a2b5cbbc775fc46a9dee5a30ca93606b3fffdca67b4788efac818991b14a60
varnish-docs-6.0.6-2.module+el8.4.0+14090+331e4860.2.x86_64.rpm
SHA-256: 6db4d4d674867961710b4846c511945657bd9f2c93735ff59cb789a23e821a10
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm
SHA-256: 920ed07b7c2c15cf5d3e381e340fc2cd5e0021fe4766833033877a9f68f35ab0
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm
SHA-256: 90ca3131462169fc8032b17f247172f9884af877acc046b1378a10bc9aad20cc
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm
SHA-256: 24e2c0f35c0d4f3cee3ebf383f6679c0cf441bc68e131c4450d856c87b4b8913
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.