RedHat: RHSA-2019-2796:01 Important: skydive security update

    Date 18 Sep 2019
    861
    Posted By LinuxSecurity Advisories
    An update for skydive is now available for Red Hat OpenStack Platform 14.0 (Rocky). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: skydive security update
    Advisory ID:       RHSA-2019:2796-01
    Product:           Red Hat Enterprise Linux OpenStack Platform
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2796
    Issue date:        2019-09-17
    CVE Names:         CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 
    =====================================================================
    
    1. Summary:
    
    An update for skydive is now available for Red Hat OpenStack Platform 14.0
    (Rocky).
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat OpenStack Platform 14.0 - noarch, ppc64le, x86_64
    
    3. Description:
    
    Skydive is an open source real-time network topology and protocols
    analyzer.
    
    Security Fix(es):
    
    * HTTP/2: flood using PING frames results in unbounded memory growth
    (CVE-2019-9512)
    
    * HTTP/2: flood using HEADERS frames results in unbounded memory growth
    (CVE-2019-9514)
    
    * HTTP/2: flood using SETTINGS frames results in unbounded memory growth
    (CVE-2019-9515)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
    1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth
    1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth
    
    6. Package List:
    
    Red Hat OpenStack Platform 14.0:
    
    Source:
    skydive-0.20.5-2.el7ost.src.rpm
    
    noarch:
    skydive-selinux-0.20.5-2.el7ost.noarch.rpm
    
    ppc64le:
    skydive-0.20.5-2.el7ost.ppc64le.rpm
    skydive-agent-0.20.5-2.el7ost.ppc64le.rpm
    skydive-analyzer-0.20.5-2.el7ost.ppc64le.rpm
    skydive-ansible-0.20.5-2.el7ost.ppc64le.rpm
    skydive-debuginfo-0.20.5-2.el7ost.ppc64le.rpm
    
    x86_64:
    skydive-0.20.5-2.el7ost.x86_64.rpm
    skydive-agent-0.20.5-2.el7ost.x86_64.rpm
    skydive-analyzer-0.20.5-2.el7ost.x86_64.rpm
    skydive-ansible-0.20.5-2.el7ost.x86_64.rpm
    skydive-debuginfo-0.20.5-2.el7ost.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-9512
    https://access.redhat.com/security/cve/CVE-2019-9514
    https://access.redhat.com/security/cve/CVE-2019-9515
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXYLn8tzjgjWX9erEAQj2DQ//ezJAQWmzHsvEEWn34+vMRC1ANLG0WmKG
    Fas1HjXv1+64YXhms7bgbL0t/Oiw4A0sK0AWo6LB96Jp6dRDcc/m1MOPTbC28vV2
    IRJNPanECj/W1NWudWxgZEanRHOlSBUqfzFlNbTYw9jEiYcWJ3xHDe1JNU2k6p54
    PU9rAJyUe84+eErTwuYSeWdOul21XxEz2pzKBZSjC1nzV+7OPk6ZPLrDmhbV4sRa
    IFJXQXW8YwNn+t3iza3aZbZD6v25vPg6yicJnI72g57UobJfjkhbFjGfg7XPTZuZ
    7n4uW/Rez61qAu7FxyBbVSYPdGzIXoVHTTD2hNgQEw60Vak8LElke/kvmmmYDP6i
    pgY2WLO8h5uq5dqFWw0Cq7Rs5Ige8QsZZs5+YnwNR+LyJmrYOWJh428XDZFPPFFe
    FAsn+3HknNDW8Mm2kMIP3opDZnjKzpTM1QLfXTOU6gsiiIKCZpVfv3jVnzCsTbUP
    uyMmJU13TColDStDJ31ePJcR1nRkkFonJaU1+RoFoKQW9YUUe1k/XFFbHMuImVNE
    seYgGYme4ZGziPNudyYKkj+5IMTCz8jnVGkq9itsYh/7DhR/6I6HN8+C1mbIIcK+
    RBVwI7HZd6yVMg3WxPStwQXEWHlBwNNjgf3Pl9ygydNdfwQ4ohbCDnIDX7E7lKW3
    U/0giqG5SLk=
    =1PUl
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/30-do-you-feel-that-the-lawful-access-to-encrypted-data-act-which-aims-to-force-encryption-backdoors-is-a-threat-to-privacy?task=poll.vote&format=json
    30
    radio
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"19","type":"x","order":"1","pct":95,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"1","type":"x","order":"2","pct":5,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.