Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:8645: Red Hat Security Advisory: varnish:6 security update

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-45060: varnish: Request Forgery Vulnerability
Red Hat Security Data
Open in Source
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#ibm#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-11-28

Updated:

2022-11-28

RHSA-2022:8645 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: varnish:6 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don’t have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

  • varnish: Request Forgery Vulnerability (CVE-2022-45060)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2141844 - CVE-2022-45060 varnish: Request Forgery Vulnerability

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.src.rpm

SHA-256: 93e99523277ea6a369de1251ecf7809195d03aee8536a38469abe3fbaacd6965

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm

SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb

x86_64

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm

SHA-256: 87b3813eb634d5558f45e1c24faa9fc449b7a607ca9d6f1fec87e6278fc103d6

varnish-devel-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm

SHA-256: 2be27ad876a6ec36785cf0bef936cbe17a1c126651023f0371266df78e948047

varnish-docs-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm

SHA-256: f626cba14e5906e05e0b4fab426e17a45974bd32d3d8590e6eabab4319902cff

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

SHA-256: 920ed07b7c2c15cf5d3e381e340fc2cd5e0021fe4766833033877a9f68f35ab0

varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

SHA-256: 90ca3131462169fc8032b17f247172f9884af877acc046b1378a10bc9aad20cc

varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

SHA-256: 24e2c0f35c0d4f3cee3ebf383f6679c0cf441bc68e131c4450d856c87b4b8913

Red Hat Enterprise Linux Server - AUS 8.4

SRPM

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.src.rpm

SHA-256: 93e99523277ea6a369de1251ecf7809195d03aee8536a38469abe3fbaacd6965

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm

SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb

x86_64

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm

SHA-256: 87b3813eb634d5558f45e1c24faa9fc449b7a607ca9d6f1fec87e6278fc103d6

varnish-devel-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm

SHA-256: 2be27ad876a6ec36785cf0bef936cbe17a1c126651023f0371266df78e948047

varnish-docs-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm

SHA-256: f626cba14e5906e05e0b4fab426e17a45974bd32d3d8590e6eabab4319902cff

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

SHA-256: 920ed07b7c2c15cf5d3e381e340fc2cd5e0021fe4766833033877a9f68f35ab0

varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

SHA-256: 90ca3131462169fc8032b17f247172f9884af877acc046b1378a10bc9aad20cc

varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

SHA-256: 24e2c0f35c0d4f3cee3ebf383f6679c0cf441bc68e131c4450d856c87b4b8913

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.src.rpm

SHA-256: 93e99523277ea6a369de1251ecf7809195d03aee8536a38469abe3fbaacd6965

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm

SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb

s390x

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.s390x.rpm

SHA-256: c6bf2f5a0b6dde47ee2d2343b2f04815970927d443a99f5b090a2df5ddca0f73

varnish-devel-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.s390x.rpm

SHA-256: d0cd6531c3494e0fe66810604b32e963af27a7a73ed31ce2e6731463299fecb4

varnish-docs-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.s390x.rpm

SHA-256: 3e15ebe665619e187d008dd1ee7ce3c0692a930e1a0e1a84c3b3bbb7d848236d

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.s390x.rpm

SHA-256: fda57aecdd7a98c814da3d45267cc31faf5583a79bd77f1f63d7fb81ce0e1305

varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.s390x.rpm

SHA-256: f77c342aa51b60d07424cfa256965d10e2c098fd46899633c0b50a1352b74ff3

varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.s390x.rpm

SHA-256: 9b23b45143e59025215fafd4af7e53c270c9b1d8f07421e15ced4ff333e964fe

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.src.rpm

SHA-256: 93e99523277ea6a369de1251ecf7809195d03aee8536a38469abe3fbaacd6965

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm

SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb

ppc64le

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.ppc64le.rpm

SHA-256: cdb540a211fc685e3aaa6a664c01c3607adcff1cdf0d0168581dd8b410f21ae1

varnish-devel-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.ppc64le.rpm

SHA-256: e5e0a0c908bf4d7ef425ab5bd6c1b65aa5b352b7cd31ec3cc1c067ffb0d96d9b

varnish-docs-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.ppc64le.rpm

SHA-256: 8d199d6bcbb632a4a7d7f56ff602c8cac352a1341913c569b6dd8142c38fa9fd

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm

SHA-256: 4dc937261656c078b6e2d48e7832cbdbcc99f0a81a88ef1f40ed31262e913f81

varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm

SHA-256: 261977ebd56c3a590669ab62136a0e3c63db106a9593d6c9c8cbcb4c86f20958

varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm

SHA-256: cc85d7217f2ab315596aa177d4dbbdf7ae287710325bfbf3468a2e5625dead49

Red Hat Enterprise Linux Server - TUS 8.4

SRPM

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.src.rpm

SHA-256: 93e99523277ea6a369de1251ecf7809195d03aee8536a38469abe3fbaacd6965

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm

SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb

x86_64

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm

SHA-256: 87b3813eb634d5558f45e1c24faa9fc449b7a607ca9d6f1fec87e6278fc103d6

varnish-devel-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm

SHA-256: 2be27ad876a6ec36785cf0bef936cbe17a1c126651023f0371266df78e948047

varnish-docs-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm

SHA-256: f626cba14e5906e05e0b4fab426e17a45974bd32d3d8590e6eabab4319902cff

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

SHA-256: 920ed07b7c2c15cf5d3e381e340fc2cd5e0021fe4766833033877a9f68f35ab0

varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

SHA-256: 90ca3131462169fc8032b17f247172f9884af877acc046b1378a10bc9aad20cc

varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

SHA-256: 24e2c0f35c0d4f3cee3ebf383f6679c0cf441bc68e131c4450d856c87b4b8913

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.src.rpm

SHA-256: 93e99523277ea6a369de1251ecf7809195d03aee8536a38469abe3fbaacd6965

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm

SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb

aarch64

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.aarch64.rpm

SHA-256: c09c7c8105c1bd246555181b41f6726f021592568eff669cdbcbef8315bd9031

varnish-devel-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.aarch64.rpm

SHA-256: c0baf64d9cc587189c3db0ab34afdddfc8d345c443c6c017faf225f4b672e3da

varnish-docs-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.aarch64.rpm

SHA-256: 480f8c1b69cb243ded5966a10629f74afac8301d490fca0003b6226b58ad23c4

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.aarch64.rpm

SHA-256: d5767fe5a233810c0504bc40ebdebe138e48032a78d122d87c572448a2c79e66

varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.aarch64.rpm

SHA-256: fbad572dcfcefcf29ea11c06a7ea6c774ddd0cd0c87fbd83ff4064654a5ce64d

varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.aarch64.rpm

SHA-256: d510dea616f8cb2ef714be13f52a5e9802bff79069ffa09b74e6f9336c6cdaab

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.src.rpm

SHA-256: 93e99523277ea6a369de1251ecf7809195d03aee8536a38469abe3fbaacd6965

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm

SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb

ppc64le

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.ppc64le.rpm

SHA-256: cdb540a211fc685e3aaa6a664c01c3607adcff1cdf0d0168581dd8b410f21ae1

varnish-devel-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.ppc64le.rpm

SHA-256: e5e0a0c908bf4d7ef425ab5bd6c1b65aa5b352b7cd31ec3cc1c067ffb0d96d9b

varnish-docs-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.ppc64le.rpm

SHA-256: 8d199d6bcbb632a4a7d7f56ff602c8cac352a1341913c569b6dd8142c38fa9fd

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm

SHA-256: 4dc937261656c078b6e2d48e7832cbdbcc99f0a81a88ef1f40ed31262e913f81

varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm

SHA-256: 261977ebd56c3a590669ab62136a0e3c63db106a9593d6c9c8cbcb4c86f20958

varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm

SHA-256: cc85d7217f2ab315596aa177d4dbbdf7ae287710325bfbf3468a2e5625dead49

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.src.rpm

SHA-256: 93e99523277ea6a369de1251ecf7809195d03aee8536a38469abe3fbaacd6965

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm

SHA-256: 889bc138f71b63f3f536a703c2b543decd43c6ddd7badfc788060f09621048bb

x86_64

varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm

SHA-256: 87b3813eb634d5558f45e1c24faa9fc449b7a607ca9d6f1fec87e6278fc103d6

varnish-devel-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm

SHA-256: 2be27ad876a6ec36785cf0bef936cbe17a1c126651023f0371266df78e948047

varnish-docs-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm

SHA-256: f626cba14e5906e05e0b4fab426e17a45974bd32d3d8590e6eabab4319902cff

varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

SHA-256: 920ed07b7c2c15cf5d3e381e340fc2cd5e0021fe4766833033877a9f68f35ab0

varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

SHA-256: 90ca3131462169fc8032b17f247172f9884af877acc046b1378a10bc9aad20cc

varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

SHA-256: 24e2c0f35c0d4f3cee3ebf383f6679c0cf441bc68e131c4450d856c87b4b8913

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2023:0673: Red Hat Security Advisory: rh-varnish6-varnish security update

An update for rh-varnish6-varnish is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45060: An HTTP Request Forgery issue was discovered in Varnish Cache. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could be used to exploit vulnerabilities in a server behind t...

Red Hat Security Advisory 2022-8643-01

Red Hat Security Advisory 2022-8643-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Red Hat Security Advisory 2022-8646-01

Red Hat Security Advisory 2022-8646-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Red Hat Security Advisory 2022-8649-01

Red Hat Security Advisory 2022-8649-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Red Hat Security Advisory 2022-8650-01

Red Hat Security Advisory 2022-8650-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Red Hat Security Advisory 2022-8644-01

Red Hat Security Advisory 2022-8644-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Red Hat Security Advisory 2022-8647-01

Red Hat Security Advisory 2022-8647-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Red Hat Security Advisory 2022-8645-01

Red Hat Security Advisory 2022-8645-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

RHSA-2022:8650: Red Hat Security Advisory: varnish:6 security update

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45060: varnish: Request Forgery Vulnerability

RHSA-2022:8649: Red Hat Security Advisory: varnish:6 security update

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45060: varnish: Request Forgery Vulnerability

RHSA-2022:8647: Red Hat Security Advisory: varnish:6 security update

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45060: varnish: Request Forgery Vulnerability

RHSA-2022:8644: Red Hat Security Advisory: varnish security update

An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45060: varnish: Request Forgery Vulnerability

RHSA-2022:8643: Red Hat Security Advisory: varnish security update

An update for varnish is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45060: varnish: Request Forgery Vulnerability

CVE-2022-45060: Varnish HTTP/2 Request Forgery - Varnish Software Documentation

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data