[El-errata] ELSA-2024-1691 Important: Oracle Linux 9 varnish security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Apr 10 09:32:26 UTC 2024
Oracle Linux Security Advisory ELSA-2024-1691
http://linux.oracle.com/errata/ELSA-2024-1691.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
varnish-6.6.2-4.el9_3.1.i686.rpm
varnish-6.6.2-4.el9_3.1.x86_64.rpm
varnish-docs-6.6.2-4.el9_3.1.x86_64.rpm
varnish-devel-6.6.2-4.el9_3.1.i686.rpm
varnish-devel-6.6.2-4.el9_3.1.x86_64.rpm
aarch64:
varnish-6.6.2-4.el9_3.1.aarch64.rpm
varnish-docs-6.6.2-4.el9_3.1.aarch64.rpm
varnish-devel-6.6.2-4.el9_3.1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//varnish-6.6.2-4.el9_3.1.src.rpm
Related CVEs:
CVE-2024-30156
Description of changes:
[6.6.2-4.1]
- Resolves: RHEL-30387 - varnish: HTTP/2 Broken Window Attack may result
in denial of service (CVE-2024-30156)
[6.6.2-4]
- Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487
- Resolves: RHEL-12817
More information about the El-errata
mailing list