nghttp2-1.33.0-5.el8
エラータID: AXSA:2023-6516:01
Release date:
Friday, October 20, 2023 - 03:36
Subject:
nghttp2-1.33.0-5.el8
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.
Security Fix(es):
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Solution:
Update packages.
CVEs:
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Additional Info:
N/A
Download:
SRPMS
- nghttp2-1.33.0-5.el8.src.rpm
MD5: 04708939544e1610c429b7f7fb771f77
SHA-256: 342d5fcb32b3146fcb67b3c236b767694926b938714e64bf829931159cd214d1
Size: 1.51 MB
Asianux Server 8 for x86_64
- libnghttp2-1.33.0-5.el8.i686.rpm
MD5: e682b3917eff1a538c0009803ab02a86
SHA-256: 506fd989f530984663f090317f286067775ead5cdcae6a9c9dcd3bcccc05ac41
Size: 83.21 kB - libnghttp2-1.33.0-5.el8.x86_64.rpm
MD5: 9f0d140eb630a6d8d8f3c6520838f173
SHA-256: 91784cdbf617a980f30d7857e5a862ac0671812d0a99da06a223fb07de601686
Size: 76.82 kB - libnghttp2-devel-1.33.0-5.el8.i686.rpm
MD5: 5144723006156a6021e111fd57ff1278
SHA-256: e3b86133916b59658d12b97022154a8c548df0a2f49460bbb04edd77b4970eef
Size: 59.66 kB - libnghttp2-devel-1.33.0-5.el8.x86_64.rpm
MD5: 377510c310b25be82b60aed888529749
SHA-256: 29a803a07da47ec62b7b89c9971b3a74fa9f27b772efae739b5763aa49db98ba
Size: 59.65 kB - nghttp2-1.33.0-5.el8.x86_64.rpm
MD5: 26e7ab201ad6c9068ba26a35f0bddcf1
SHA-256: 9e5c9fa2fd5c2e072c008e86c791cbf883647777ad69e7e5825b253386e01fcb
Size: 597.53 kB