(RHSA-2022:8649) Important: varnish:6 security update

2022-11-2810:33:38

access.redhat.com

varnish cache

http accelerator

web pages

memory

speed up

security update

request forgery vulnerability

cve-2022-45060

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.003

Percentile

69.6%

JSON

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don’t have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

varnish: Request Forgery Vulnerability (CVE-2022-45060)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyaarch64varnish-docs< 6.0.8-2.module+el8.7.0+17239+94d153bd.1varnish-docs-6.0.8-2.module+el8.7.0+17239+94d153bd.1.aarch64.rpm
RedHatanyaarch64varnish-devel< 6.0.8-2.module+el8.7.0+17239+94d153bd.1varnish-devel-6.0.8-2.module+el8.7.0+17239+94d153bd.1.aarch64.rpm
RedHatanyppc64levarnish-devel< 6.0.8-2.module+el8.7.0+17239+94d153bd.1varnish-devel-6.0.8-2.module+el8.7.0+17239+94d153bd.1.ppc64le.rpm
RedHatanyppc64levarnish-docs< 6.0.8-2.module+el8.7.0+17239+94d153bd.1varnish-docs-6.0.8-2.module+el8.7.0+17239+94d153bd.1.ppc64le.rpm
RedHatanyppc64levarnish-modules-debugsource< 0.15.0-6.module+el8.5.0+11976+0b4af72dvarnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm
RedHatanyx86_64varnish-modules< 0.15.0-6.module+el8.5.0+11976+0b4af72dvarnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm
RedHatanyaarch64varnish< 6.0.8-2.module+el8.7.0+17239+94d153bd.1varnish-6.0.8-2.module+el8.7.0+17239+94d153bd.1.aarch64.rpm
RedHatanys390xvarnish-modules-debuginfo< 0.15.0-6.module+el8.5.0+11976+0b4af72dvarnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x.rpm
RedHatanyaarch64varnish-modules-debuginfo< 0.15.0-6.module+el8.5.0+11976+0b4af72dvarnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64.rpm
RedHatanyaarch64varnish-modules< 0.15.0-6.module+el8.5.0+11976+0b4af72dvarnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	aarch64	varnish-docs	< 6.0.8-2.module+el8.7.0+17239+94d153bd.1	varnish-docs-6.0.8-2.module+el8.7.0+17239+94d153bd.1.aarch64.rpm
RedHat	any	aarch64	varnish-devel	< 6.0.8-2.module+el8.7.0+17239+94d153bd.1	varnish-devel-6.0.8-2.module+el8.7.0+17239+94d153bd.1.aarch64.rpm
RedHat	any	ppc64le	varnish-devel	< 6.0.8-2.module+el8.7.0+17239+94d153bd.1	varnish-devel-6.0.8-2.module+el8.7.0+17239+94d153bd.1.ppc64le.rpm
RedHat	any	ppc64le	varnish-docs	< 6.0.8-2.module+el8.7.0+17239+94d153bd.1	varnish-docs-6.0.8-2.module+el8.7.0+17239+94d153bd.1.ppc64le.rpm
RedHat	any	ppc64le	varnish-modules-debugsource	< 0.15.0-6.module+el8.5.0+11976+0b4af72d	varnish-modules-debugsource-0.15.0-6.module+el8.5.0+11976+0b4af72d.ppc64le.rpm
RedHat	any	x86_64	varnish-modules	< 0.15.0-6.module+el8.5.0+11976+0b4af72d	varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.x86_64.rpm
RedHat	any	aarch64	varnish	< 6.0.8-2.module+el8.7.0+17239+94d153bd.1	varnish-6.0.8-2.module+el8.7.0+17239+94d153bd.1.aarch64.rpm
RedHat	any	s390x	varnish-modules-debuginfo	< 0.15.0-6.module+el8.5.0+11976+0b4af72d	varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.s390x.rpm
RedHat	any	aarch64	varnish-modules-debuginfo	< 0.15.0-6.module+el8.5.0+11976+0b4af72d	varnish-modules-debuginfo-0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64.rpm
RedHat	any	aarch64	varnish-modules	< 0.15.0-6.module+el8.5.0+11976+0b4af72d	varnish-modules-0.15.0-6.module+el8.5.0+11976+0b4af72d.aarch64.rpm