Updated varnish packages fix security vulnerability
Publication date: 12 Apr 2024Modification date: 12 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-30156
Description
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack. (CVE-2024-30156)
References
SRPMS
9/core
- varnish-7.3.2-1.mga9