Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

openSUSE: 2020:0379-1 Moderate Security Advisory for Nghttp2

opensuse
Calendar Grey March 25, 2020
Dist Opensuse Esm H88
openSUSE published a security patch for nghttp2, fixing a moderate vulnerability. Please consult the advisory for further information.
An update that solves one vulnerability and has one errata is now available.

Description

This update for nghttp2 fixes the following issues:

nghttp2 was update to version 1.40.0 (bsc#1166481)

- lib: Add nghttp2_check_authority as public API

- lib: Fix the bug that stream is closed with wrong error code

- lib: Faster huffman encoding and decoding

- build: Avoid filename collision of static and dynamic lib

- build: Add new flag ENABLE_STATIC_CRT for Windows

- build: cmake: Support building nghttpx with systemd

- third-party: Update neverbleed to fix memory leak

- nghttpx: Fix bug that mruby is incorrectly shared between backends

- nghttpx: Reconnect h1 backend if it lost connection before sending

headers - nghttpx: Returns 408 if backend timed out before sending headers - nghttpx: Fix request stal

This update was imported from the SUSE:SLE-15:Update update project.

Topics%20covered

Topics Covered

security advisory moderate update software update fix openSUSE nghttp2

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-379=1

Package List

- openSUSE Leap 15.1 (i586 x86_64):

libnghttp2-14-1.40.0-lp151.3.6.1

libnghttp2-14-debuginfo-1.40.0-lp151.3.6.1

libnghttp2-devel-1.40.0-lp151.3.6.1

libnghttp2_asio-devel-1.40.0-lp151.3.6.1

libnghttp2_asio1-1.40.0-lp151.3.6.1

libnghttp2_asio1-debuginfo-1.40.0-lp151.3.6.1

nghttp2-1.40.0-lp151.3.6.1

nghttp2-debuginfo-1.40.0-lp151.3.6.1

nghttp2-debugsource-1.40.0-lp151.3.6.1

nghttp2-python-debugsource-1.40.0-lp151.3.6.1

python3-nghttp2-1.40.0-lp151.3.6.1

python3-nghttp2-debuginfo-1.40.0-lp151.3.6.1

- openSUSE Leap 15.1 (x86_64):

libnghttp2-14-32bit-1.40.0-lp151.3.6.1

libnghttp2-14-32bit-debuginfo-1.40.0-lp151.3.6.1

libnghttp2_asio1-32bit-1.40.0-lp151.3.6.1

libnghttp2_asio1-32bit-debuginfo-1.40.0-lp151.3.6.1

References

https://www.suse.com/security/cve/CVE-2019-18802.html

https://bugzilla.suse.com/1159003

https://bugzilla.suse.com/1166481

--

Announcement ID: openSUSE-SU-2020:0379-1
Rating: moderate
Affected Products: openSUSE Leap 15.1 le.

Topics%20covered

Topics Covered

security advisory moderate update software update fix openSUSE nghttp2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here