Headline

RHSA-2022:8650: Red Hat Security Advisory: varnish:6 security update

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

CVE-2022-45060: varnish: Request Forgery Vulnerability

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #nodejs #js #java #kubernetes #aws #ibm #sap

Skip to navigation Skip to main content

Utilities

Subscriptions
Downloads
Containers
Support Cases

Infrastructure and Management

Red Hat Enterprise Linux
Red Hat Virtualization
Red Hat Identity Management
Red Hat Directory Server
Red Hat Certificate System
Red Hat Satellite
Red Hat Subscription Management
Red Hat Update Infrastructure
Red Hat Insights
Red Hat Ansible Automation Platform

Cloud Computing

Red Hat OpenShift
Red Hat CloudForms
Red Hat OpenStack Platform
Red Hat OpenShift Container Platform
Red Hat OpenShift Data Science
Red Hat OpenShift Online
Red Hat OpenShift Dedicated
Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Management for Kubernetes
Red Hat Quay
OpenShift Dev Spaces
Red Hat OpenShift Service on AWS

Storage

Red Hat Gluster Storage
Red Hat Hyperconverged Infrastructure
Red Hat Ceph Storage
Red Hat OpenShift Data Foundation

Runtimes

Red Hat Runtimes
Red Hat JBoss Enterprise Application Platform
Red Hat Data Grid
Red Hat JBoss Web Server
Red Hat Single Sign On
Red Hat support for Spring Boot
Red Hat build of Node.js
Red Hat build of Thorntail
Red Hat build of Eclipse Vert.x
Red Hat build of OpenJDK
Red Hat build of Quarkus

Integration and Automation

Red Hat Process Automation
Red Hat Process Automation Manager
Red Hat Decision Manager

All Products

Issued:

2022-11-28

Updated:

2022-11-28

RHSA-2022:8650 - Security Advisory

Overview
Updated Packages

Synopsis

Important: varnish:6 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don’t have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

varnish: Request Forgery Vulnerability (CVE-2022-45060)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

BZ - 2141844 - CVE-2022-45060 varnish: Request Forgery Vulnerability

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM

varnish-6.0.8-2.module+el8.6.0+17240+b7b5e45c.1.src.rpm

SHA-256: e0946248a81fd3f339becbf0f8b88e9c75672532f0790ef7007ef7567c327407

varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.src.rpm

SHA-256: 4ebfe062040be919d50f2878a1a35f8990a676c8e210ee2c64ce31e447eda88c

x86_64

varnish-6.0.8-2.module+el8.6.0+17240+b7b5e45c.1.x86_64.rpm

SHA-256: bdd7a53c7d8b1fc3e574c55d94872506f8512263eb6b64f5defc3281230827f9

varnish-devel-6.0.8-2.module+el8.6.0+17240+b7b5e45c.1.x86_64.rpm

SHA-256: a82edc45e306b0dfa513c8fe5dbf521fb7ea296d0564df884b0366434deccfe6

varnish-docs-6.0.8-2.module+el8.6.0+17240+b7b5e45c.1.x86_64.rpm

SHA-256: 9d82ceb933bb2421601f8a9facf02d2cc4c3dffbe244b742cef88852ad8a9670

varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm

SHA-256: 221f156f879f6969b2af2f2ccccba211ceb121381d01ac5409e6a7da963d6bfb

varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm

SHA-256: 36af9dc02305d588e625d62a337c3a461722cd7205496ec3335589b20482ecc1

varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm

SHA-256: 31eae30e8f83b9332500cbb394b84dce0ff9eea218040b7e76f157d24a2a7a71

Red Hat Enterprise Linux Server - AUS 8.6