FEDORA-2022-babfbc2622
Packages in this update:
varnish-7.0.3-2.fc36
Update description:
This release includes fix for CVE-2022-45059 (VSV00010) and CVE-2022-45060 (VSV00011). From the upstream release notes:
VSV00010 Varnish Request Smuggling Vulnerability
Date: 2022-11-08
A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. Among the headers that can be filtered this way are both Content-Length and Host, making it possible for an attacker to both break the HTTP/1 protocol framing, and bypass request to host routing in VCL.
VSV00011 Varnish HTTP/2 Request Forgery Vulnerability
Date: 2022-11-08
A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This may in turn be used to successfully exploit vulnerabilities in a server behind the Varnish server.
More Stories
USN-7022-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
chromium-129.0.6668.58-1.fc39
FEDORA-2024-3d29b1647b Packages in this update: chromium-129.0.6668.58-1.fc39 Update description: update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium...
chromium-129.0.6668.58-1.el9
FEDORA-EPEL-2024-034e4b1091 Packages in this update: chromium-129.0.6668.58-1.el9 Update description: update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium...
chromium-129.0.6668.58-1.fc40
FEDORA-2024-d273b23c67 Packages in this update: chromium-129.0.6668.58-1.fc40 Update description: update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium...
USN-7021-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
USN-7020-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...