Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Fedora 23: 2016-54f85ec6e8 Critical: nghttp2 Heap Use-After-Free Fix

fedora
Calendar Grey January 7, 2016
Dist Fedora Esm H88
Debian patch 2023-64g5hjk7l1 rectifies buffer issue in libcurl, improving performance and safety for HTTP requests.
- update to nghttp2-1.6.0 (fixes CVE-2015-8659)

Summary

This package contains the HTTP/2 client, server and proxy programs.

Update Information:

- update to nghttp2-1.6.0 (fixes CVE-2015-8659)

Change Log

References


[ 1 ] Bug #1295351 - CVE-2015-8659 nghttp2: heap-use-after-free flaw in idle stream handling code https://bugzilla.redhat.com/show_bug.cgi?id=1295351

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update nghttp2' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nghttp2
Product: Fedora 23
Version: 1.6.0
Release: 1.fc23
Summary: Experimental HTTP/2 client, server and proxy

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here