RHSA-2022:0420: Red Hat Security Advisory: varnish:6 security update

Skip to navigation Skip to main content

Utilities

• Subscriptions
• Downloads
• Containers
• Support Cases

Infrastructure and Management

• Red Hat Enterprise Linux
• Red Hat Virtualization
• Red Hat Identity Management
• Red Hat Directory Server
• Red Hat Certificate System
• Red Hat Satellite
• Red Hat Subscription Management
• Red Hat Update Infrastructure
• Red Hat Insights
• Red Hat Ansible Automation Platform

Cloud Computing

• Red Hat OpenShift
• Red Hat CloudForms
• Red Hat OpenStack Platform
• Red Hat OpenShift Container Platform
• Red Hat OpenShift Data Science
• Red Hat OpenShift Online
• Red Hat OpenShift Dedicated
• Red Hat Advanced Cluster Security for Kubernetes
• Red Hat Advanced Cluster Management for Kubernetes
• Red Hat Quay
• Red Hat CodeReady Workspaces
• Red Hat OpenShift Service on AWS

Storage

• Red Hat Gluster Storage
• Red Hat Hyperconverged Infrastructure
• Red Hat Ceph Storage
• Red Hat OpenShift Data Foundation

Runtimes

• Red Hat Runtimes
• Red Hat JBoss Enterprise Application Platform
• Red Hat Data Grid
• Red Hat JBoss Web Server
• Red Hat Single Sign On
• Red Hat support for Spring Boot
• Red Hat build of Node.js
• Red Hat build of Thorntail
• Red Hat build of Eclipse Vert.x
• Red Hat build of OpenJDK
• Red Hat build of Quarkus
• Red Hat CodeReady Studio

Integration and Automation

• Red Hat Process Automation
• Red Hat Process Automation Manager
• Red Hat Decision Manager

All Products

Issued:

2022-02-03

Updated:

2022-02-03

RHSA-2022:0420 - Security Advisory

• Overview
• Updated Packages

Synopsis

Important: varnish:6 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don’t have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

• varnish: HTTP/1 request smuggling vulnerability (CVE-2022-23959)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

Fixes

• BZ - 2045031 - CVE-2022-23959 varnish: HTTP/1 request smuggling vulnerability

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1

SRPM

varnish-6.0.2-2.module+el8.1.0+14093+aa8ea65f.1.src.rpm

SHA-256: 1446e298cb38cc60c765737d4d58cf5e76c6cedb37283279ca9b0754d579d529

varnish-modules-0.15.0-4.module+el8+2481+4078e9d2.src.rpm

SHA-256: a101eb216a9aa903750d880c1fac433f0e0ea1578c7360621305352c1dfbbcd9

ppc64le

varnish-6.0.2-2.module+el8.1.0+14093+aa8ea65f.1.ppc64le.rpm

SHA-256: 3341b1927971ba90fbe2a7502d76cc4ff486459ff15b2482277829b46dc916a0

varnish-devel-6.0.2-2.module+el8.1.0+14093+aa8ea65f.1.ppc64le.rpm

SHA-256: 07efe1316885e895e7f269f396e130a80c305f3fa801b311ed84f17d15f6dd1a

varnish-docs-6.0.2-2.module+el8.1.0+14093+aa8ea65f.1.ppc64le.rpm

SHA-256: 64dd2d5f5288c2c7ba63b8a9696a44bacca58c0114bfbd30cfb04abd9adb098c

varnish-modules-0.15.0-4.module+el8+2481+4078e9d2.ppc64le.rpm

SHA-256: 88bd35b743b3dadd51dbcb3600f164eb37ad65586170f368d2ae1b3d83e68c84

varnish-modules-debuginfo-0.15.0-4.module+el8+2481+4078e9d2.ppc64le.rpm

SHA-256: 9a2125337372a042a2ca55c90b75e88b259303a5188d60fa797e6ab2ddce8f4f

varnish-modules-debugsource-0.15.0-4.module+el8+2481+4078e9d2.ppc64le.rpm

SHA-256: 0785e2dab5144b555d4e5aa56d96e7d972e1b9c4668771a60b69906a636505d0

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1

SRPM

varnish-6.0.2-2.module+el8.1.0+14093+aa8ea65f.1.src.rpm

SHA-256: 1446e298cb38cc60c765737d4d58cf5e76c6cedb37283279ca9b0754d579d529

varnish-modules-0.15.0-4.module+el8+2481+4078e9d2.src.rpm

SHA-256: a101eb216a9aa903750d880c1fac433f0e0ea1578c7360621305352c1dfbbcd9

x86_64

varnish-6.0.2-2.module+el8.1.0+14093+aa8ea65f.1.x86_64.rpm

SHA-256: b5fa0e0b6ce473ba4c92337a6a5de682ee7c7c460ba61169026bfe62eeb341e8

varnish-devel-6.0.2-2.module+el8.1.0+14093+aa8ea65f.1.x86_64.rpm

SHA-256: 60ae816cf7a9227f1e2b82714e9ae2374fc31614ba21a810c7b6b3905f639f14

varnish-docs-6.0.2-2.module+el8.1.0+14093+aa8ea65f.1.x86_64.rpm

SHA-256: b837c8b14b7adb8f7def4a037cabeb8c1453b58bdbe155e93982908607882ae5

varnish-modules-0.15.0-4.module+el8+2481+4078e9d2.x86_64.rpm

SHA-256: 67257e87eae9ca7544823c9aac1fc61736bbf0ee74832664a71acd20979e8167

varnish-modules-debuginfo-0.15.0-4.module+el8+2481+4078e9d2.x86_64.rpm

SHA-256: 07b4604da7dbaff3a48c85f182032fd44eb117f4643b0417e1c68068bb4b8cf6

varnish-modules-debugsource-0.15.0-4.module+el8+2481+4078e9d2.x86_64.rpm

SHA-256: 4aaf768af9486b39f29571ea120d05e1e296a4782a88f9a24b5f274c8ea3abf3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.