nghttp2-1.33.0-5.el8

エラータID: AXSA:2023-6516:01

Release date: 
Friday, October 20, 2023 - 03:36
Subject: 
nghttp2-1.33.0-5.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. nghttp2-1.33.0-5.el8.src.rpm
    MD5: 04708939544e1610c429b7f7fb771f77
    SHA-256: 342d5fcb32b3146fcb67b3c236b767694926b938714e64bf829931159cd214d1
    Size: 1.51 MB

Asianux Server 8 for x86_64
  1. libnghttp2-1.33.0-5.el8.i686.rpm
    MD5: e682b3917eff1a538c0009803ab02a86
    SHA-256: 506fd989f530984663f090317f286067775ead5cdcae6a9c9dcd3bcccc05ac41
    Size: 83.21 kB
  2. libnghttp2-1.33.0-5.el8.x86_64.rpm
    MD5: 9f0d140eb630a6d8d8f3c6520838f173
    SHA-256: 91784cdbf617a980f30d7857e5a862ac0671812d0a99da06a223fb07de601686
    Size: 76.82 kB
  3. libnghttp2-devel-1.33.0-5.el8.i686.rpm
    MD5: 5144723006156a6021e111fd57ff1278
    SHA-256: e3b86133916b59658d12b97022154a8c548df0a2f49460bbb04edd77b4970eef
    Size: 59.66 kB
  4. libnghttp2-devel-1.33.0-5.el8.x86_64.rpm
    MD5: 377510c310b25be82b60aed888529749
    SHA-256: 29a803a07da47ec62b7b89c9971b3a74fa9f27b772efae739b5763aa49db98ba
    Size: 59.65 kB
  5. nghttp2-1.33.0-5.el8.x86_64.rpm
    MD5: 26e7ab201ad6c9068ba26a35f0bddcf1
    SHA-256: 9e5c9fa2fd5c2e072c008e86c791cbf883647777ad69e7e5825b253386e01fcb
    Size: 597.53 kB