RHSA-2021:2993: Red Hat Security Advisory: rh-varnish6-varnish security update

An update for rh-varnish6-varnish is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don’t have to create the same web page over and over again, giving the website a significant speed up. The following packages have been upgraded to a later upstream version: rh-varnish6-varnish (6.0.8). Security Fix(es):

• varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request (CVE-2021-36740) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
• CVE-2021-36740: varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request