varnish:6 security update

エラータID: AXSA:2025-9999:01

リリース日: 
2025/06/09 Monday - 17:05
題名: 
varnish:6 security update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

* varnish: request smuggling attacks (CVE-2025-47905)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-47905
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.

Modularity name: "varnish"
Stream name: "6"

解決策: 

Update packages.

CVE: 
CVE-2025-47905
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. varnish-modules-0.15.0-6.module+el8+1879+110d95c7.src.rpm
    MD5: 2ef30c5e4d408bdea67bf08c5a2f09a3
    SHA-256: 0d91161ae3d852f2c88d5abd549d7bce81e9f775a6014dd2c1a7749ad2073b6a
    Size: 431.38 kB
  2. varnish-6.0.13-1.module+el8+1879+110d95c7.1.src.rpm
    MD5: 2c60e8e9306acf08d87f932eeadcdeb0
    SHA-256: a93f382af806688b721f6d88d6db5d00067907b8f95b65da7b37dcaa46b63b0c
    Size: 3.16 MB

Asianux Server 8 for x86_64
  1. varnish-6.0.13-1.module+el8+1879+110d95c7.1.x86_64.rpm
    MD5: 41f2290cd8bfdb93757865bfd7cd0c9f
    SHA-256: 0fa2c480e97d4b82ee5596aa80d8a8d685cb38b7f5c69f0db6e145a50a51e3b4
    Size: 0.97 MB
  2. varnish-devel-6.0.13-1.module+el8+1879+110d95c7.1.x86_64.rpm
    MD5: ef22b4725cdcd8ef25e11a97bf6c7fba
    SHA-256: 412b9f0137d6764bd918212b6f85569b92f63a41c7cd90a30725aff10e83bd68
    Size: 132.76 kB
  3. varnish-docs-6.0.13-1.module+el8+1879+110d95c7.1.x86_64.rpm
    MD5: 02272febc4b827bf17d9c7cee227cfc7
    SHA-256: b7c49a09f06e7a02d8fbac6e4e97c2b51d13d37bf00db174f1dcb50dda107fa7
    Size: 555.40 kB
  4. varnish-modules-0.15.0-6.module+el8+1879+110d95c7.x86_64.rpm
    MD5: cfb743efca2a6eacf3cbd57a83a979f3
    SHA-256: 7bca95e1cb0054d974cc8bc1d66e050921fc8dd5b43ba00777757b4f91b4237b
    Size: 81.62 kB
  5. varnish-modules-debugsource-0.15.0-6.module+el8+1879+110d95c7.x86_64.rpm
    MD5: 1b755bc46d94fa93eb52fe9c3e9ef5f3
    SHA-256: 7fe3a9baf189dff658bcaefe276848a09da2ad1907c7a3c08ec55facff40f30c
    Size: 31.65 kB