nghttp2-1.33.0-5.el8

エラータID: AXSA:2023-6516:01

Release date:

Friday, October 20, 2023 - 03:36

Subject:

Affected Channels:

Asianux Server 8 for x86_64

Severity:

High

Description:

nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Solution:

Update packages.

CVEs:

Additional Info:

N/A

Download:

SRPMS

nghttp2-1.33.0-5.el8.src.rpm
MD5: 04708939544e1610c429b7f7fb771f77
SHA-256: 342d5fcb32b3146fcb67b3c236b767694926b938714e64bf829931159cd214d1
Size: 1.51 MB

Asianux Server 8 for x86_64

libnghttp2-1.33.0-5.el8.i686.rpm
MD5: e682b3917eff1a538c0009803ab02a86
SHA-256: 506fd989f530984663f090317f286067775ead5cdcae6a9c9dcd3bcccc05ac41
Size: 83.21 kB
libnghttp2-1.33.0-5.el8.x86_64.rpm
MD5: 9f0d140eb630a6d8d8f3c6520838f173
SHA-256: 91784cdbf617a980f30d7857e5a862ac0671812d0a99da06a223fb07de601686
Size: 76.82 kB
libnghttp2-devel-1.33.0-5.el8.i686.rpm
MD5: 5144723006156a6021e111fd57ff1278
SHA-256: e3b86133916b59658d12b97022154a8c548df0a2f49460bbb04edd77b4970eef
Size: 59.66 kB
libnghttp2-devel-1.33.0-5.el8.x86_64.rpm
MD5: 377510c310b25be82b60aed888529749
SHA-256: 29a803a07da47ec62b7b89c9971b3a74fa9f27b772efae739b5763aa49db98ba
Size: 59.65 kB
nghttp2-1.33.0-5.el8.x86_64.rpm
MD5: 26e7ab201ad6c9068ba26a35f0bddcf1
SHA-256: 9e5c9fa2fd5c2e072c008e86c791cbf883647777ad69e7e5825b253386e01fcb
Size: 597.53 kB

日本語

Main menu

You are here

nghttp2-1.33.0-5.el8