Advisories » MGASA-2024-0124

Updated varnish packages fix security vulnerability

Publication date: 12 Apr 2024
Modification date: 12 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-30156

Description

Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13
LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits
exhaustion for an HTTP/2 connection control flow window, aka a Broke
Window Attack. (CVE-2024-30156)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33084
• https://lwn.net/Articles/969301/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30156

SRPMS

9/core

• varnish-7.3.2-1.mga9