nghttp2-1.43.0-5.el9_4.3

エラータID: AXSA:2024-8147:01

Release date: 
Thursday, June 13, 2024 - 13:59
Subject: 
nghttp2-1.43.0-5.el9_4.3
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

Security Fix(es):

* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-28182
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.

Solution: 

Update packages.

CVEs: 
CVE-2024-28182
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
Additional Info: 

N/A

Download: 

SRPMS
  1. nghttp2-1.43.0-5.el9_4.3.src.rpm
    MD5: aa263e33015ac9f3551be061b475c678
    SHA-256: dc00778b5ca8676ef10c1e54eeb65e7d837ac2f884c780bae6a0e0655ca62c91
    Size: 3.81 MB

Asianux Server 9 for x86_64
  1. libnghttp2-1.43.0-5.el9_4.3.i686.rpm
    MD5: 917559c93e61b8fb55363e616d2a3d8f
    SHA-256: b1a4b2916d1796b93587677a6c071603b62fe6a61f01cad51f2f7665f912db28
    Size: 78.44 kB
  2. libnghttp2-1.43.0-5.el9_4.3.x86_64.rpm
    MD5: 8ae4e41e51b467d5d4cb0f69137fe521
    SHA-256: e8f515411ec6bb06a21e04371586cda89f1d4ddbe446a6d99672344cd0ee8642
    Size: 72.33 kB
  3. libnghttp2-devel-1.43.0-5.el9_4.3.i686.rpm
    MD5: c7790d8750de56010b1d1d65b82c53f9
    SHA-256: cf25339d1713c922306633362cb35138b065c3d03919b05512fd2d4b8d094e90
    Size: 51.86 kB
  4. libnghttp2-devel-1.43.0-5.el9_4.3.x86_64.rpm
    MD5: 6cbf7bf368a183a8c415cae135f0d2c5
    SHA-256: 6980deddf4e98746a101ae9385645b1f48967f8ebb5f80341255d61f05a7a156
    Size: 51.87 kB
  5. nghttp2-1.43.0-5.el9_4.3.x86_64.rpm
    MD5: 88a6c40ac540cb3654d8a4d71b22a082
    SHA-256: c5f2699ef127f15474628e66eed34f3dcb3f20303ad9fa3fc05fd56220fc2baf
    Size: 572.83 kB