
Fedora 29: FEDORA-2019-8a437d5c2f Critical Denial Of Service

August 27, 2019
Update of nghttp2 on Fedora 29 to the latest upstream release, which fixes two Denial of Service issues (CVE-2019-9511 and CVE-2019-9513).

Summary

This package contains the HTTP/2 client, server and proxy programs.

- update to the latest upstream release (fixes CVE-2019-9511 and CVE-2019-9513)

Change Log

* Wed Aug 14 2019 Kamil Dudka 1.39.2-1

- update to the latest upstream release

* Thu Jul 25 2019 Fedora Release Engineering - 1.39.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Tue Jun 11 2019 Kamil Dudka 1.39.1-1

- update to the latest upstream release

* Tue Jun 11 2019 Kamil Dudka 1.39.0-1

- update to the latest upstream release

* Thu Apr 18 2019 Kamil Dudka 1.38.0-1

- update to the latest upstream release

* Fri Mar 8 2019 Kamil Dudka 1.37.0-1

- update to the latest upstream release

* Fri Feb 1 2019 Fedora Release Engineering - 1.36.0-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Fri Jan 18 2019 Kamil Dudka 1.36.0-1

- update to the latest upstream release

* Mon Dec 10 2018 Kamil Dudka 1.35.1-1

- update to the latest upstream release

* Fri Nov 23 2018 Kamil Dudka 1.35.0-1

- update to the latest upstream release

References

[ 1 ] Bug #1742011 - CVE-2019-9513 nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1742011

[ 2 ] Bug #1741947 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1741947

[ 3 ] Bug #1745636 - unable to update nodejs/npm due to conflict with libnghttp2

https://bugzilla.redhat.com/show_bug.cgi?id=1745636

Update Instructions

su -c 'dnf upgrade --advisory FEDORA-2019-8a437d5c2f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: Critical

Product: Fedora 29
Version: 1.39.2
Release: 1.fc29
Summary: Experimental HTTP/2 client, server and proxy
