nghttp2-1.43.0-5.el9.1

エラータID: AXSA:2023-6518:02

Release date:

Friday, October 20, 2023 - 06:00

Subject:

Affected Channels:

MIRACLE LINUX 9 for x86_64

Severity:

High

Description:

This package contains the HTTP/2 client, server and proxy programs.

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Solution:

Update packages.

CVEs:

Additional Info:

N/A

Download:

SRPMS

nghttp2-1.43.0-5.el9.1.src.rpm
MD5: 5d0a8b886644a319ff0cb141d03dae44
SHA-256: e2f11ab511e23a929fac4d62ea8196a236628b4150872ffebc416bb509d88f85
Size: 3.81 MB

Asianux Server 9 for x86_64

libnghttp2-1.43.0-5.el9.1.i686.rpm
MD5: 9fcfc9f889eace7cf8ebc592a9865139
SHA-256: bbc2a703783d8367bd736f4a71259c77d6ee6cfac54d105a0d5d11f38af73e9c
Size: 78.21 kB
libnghttp2-1.43.0-5.el9.1.x86_64.rpm
MD5: 2cefe3e1e016140882d3df23e49a971e
SHA-256: 01e5e117646a91529afdaadc28080e818d85b9595198955357150c20d0a3ad7c
Size: 71.97 kB
libnghttp2-devel-1.43.0-5.el9.1.i686.rpm
MD5: 8a2ec3b961d6d8faeed17ac2ea78dbcf
SHA-256: 2c7d668b7dca1a8651cfd225a470bf1918b7fefc06f962010514119c25ae1581
Size: 51.67 kB
libnghttp2-devel-1.43.0-5.el9.1.x86_64.rpm
MD5: 2dee0651199899088692d47922fd8d6e
SHA-256: 506b4c4b6be90713c756c0ec81c447428314b107ecca2733fe7523ca9262386f
Size: 51.69 kB
nghttp2-1.43.0-5.el9.1.x86_64.rpm
MD5: a07a413d3923214572a56e41cbd68595
SHA-256: 9a09634784980d01f64d187b044087cb71e088f1f5325293e068c4c2eedceec9
Size: 570.49 kB

日本語

Main menu

You are here

nghttp2-1.43.0-5.el9.1